CN1841997A - Information process distribution system, information processing apparatus and information process distribution method - Google Patents

Information process distribution system, information processing apparatus and information process distribution method Download PDF

Info

Publication number
CN1841997A
CN1841997A CNA2006100715796A CN200610071579A CN1841997A CN 1841997 A CN1841997 A CN 1841997A CN A2006100715796 A CNA2006100715796 A CN A2006100715796A CN 200610071579 A CN200610071579 A CN 200610071579A CN 1841997 A CN1841997 A CN 1841997A
Authority
CN
China
Prior art keywords
information
user
content
processing
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006100715796A
Other languages
Chinese (zh)
Other versions
CN1841997B (en
Inventor
川口浩
川本洋志
长尾丰
吉村光司
木村学
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corp filed Critical Sony Corp
Publication of CN1841997A publication Critical patent/CN1841997A/en
Application granted granted Critical
Publication of CN1841997B publication Critical patent/CN1841997B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Abstract

An apparatus and method is disclosed wherein a process of information relating to a content which applies a high load to a CPU can be processed efficiently in a distributed manner. A request source information processing apparatus transmits a process type of the process to be executed, and receives identification information of different information processing apparatus in accordance with the process type and apparatus information associated with the identification information including resource information. Then, the request source apparatus acquires load information of the apparatus, and determines a particular apparatus to which a request to execute a process is to be issued based on the resource information and the load information. Then, the request source apparatus issues a request to execute the process and transmits information relating to the content to the particular apparatus.

Description

Information processing compartment system, information processor and information processing location mode
Cross-reference to related applications
The present invention comprises the relevant theme of submitting to Japan Patent office on March 30th, 2005 of Japanese patent application JP 2005-100177, quotes its full content as a reference at this.
Technical field
The present invention relates to a kind of information processing (distribution) system that distributes, relate in particular to a kind of information relevant with the information processing compartment system of distributed way by a plurality of information processors processing with content.
Background technology
In recent years, digital content music content popularizing and the increase of personal computer (PC) speed and capacity etc. and be subjected to increasing illegal distribution and exchange and do not obtain copyright permitting for example along with the internet.Therefore, in order to prevent this illegal act, the copyright protection technology that the distribution and the use of content applied restriction launches.
In utilizing the content of copyright management system of copyright protection technology, carry out for example encryption and decryption of content of various processing, it is essential using the checking of the necessary certificate of content and the compression of music data.This processing by the use of the content of copyright protection comprises that many CPU to information processor (CPU) apply the processing of high load capacity, and causes the problem that the subscriber response time to each processing prolongs.
In addition, except that PC, many information processors that can be connected to network for example DVD register and audio devices are available recently.Therefore, the whole bag of tricks proposes, and wherein a plurality of information processors are connected to each other by communication line and can effectively utilize with the resource of constructing home network, making the information processor that is connected to home network.
A kind of in these methods is open in Japanese Patent Application Publication 2002-297559 number, wherein when any one had superfluous cpu resource in the information processor that is connected to network, resource can be lent another information processor that is connected to network.Use this method, if in this information processor one be deficient in resources, its uses the resource of borrowing from another information processor to carry out to handle so.
Another kind method is open in Japanese Patent Application Publication 2003-178036 number, does not have its required function if wherein be connected in the information processor of network one, and its uses the function executing that provides in another device to handle so.Use this method, when processing used the request of the function executing that does not provide in device to send, the function executing that provides in another device can be provided in processing.
Summary of the invention
Above-described information processing system only allows the use of the resource of borrowing from another information processor or for the use of the function of another information processor of function that does not provide device self.But this information processing system has following problem, and promptly the subscriber response time to the processing of content under copyright protection that high load capacity is provided can not reduce.
Expectation provides a kind of new information processing compartment system, information processor and information processing compartment system, and it can be considered to be connected to the resource of a plurality of information processors of network and load condition and improve to some extent aspect the execution effectively with distributed way CPU being applied high load capacity, the information processing relevant with content.
According to a kind of embodiment of the present invention, provide a kind of information processing compartment system, comprise management server and be connected to a plurality of information processors that management server is used to handle the information relevant with content by communication network, this management server comprises: the device information storage area, be used for the identifying information and the device information of information processor are stored in wherein with the relation that is relative to each other, device information comprises at least can be respectively by the processing type of information processor execution and the resource information of information processor; Information processor is selected part, be used for selecting information processor to be suitable for by the processing type of sending the request source information processor appointment of carrying out the information processing request relevant in the information processor one, and obtain the identifying information of selected information processing unit from the device information storage area with content; And device information transmission part, be used to send the identifying information of the selected information processing unit that obtains by information processor selection portion branch and the device information that is associated with identifying information; This request source information processor comprises: handle type and send part, be used to send the execution information processing necessary processing type relevant with content; The device information receiving unit is used to receive the identifying information of the information processor of being selected by management server and the device information that is associated with identifying information; Information on load obtains part, is used for obtaining based on the identifying information of the selected information processing unit that is received by the device information receiving unit information on load of selected information processing unit; Request destination determining section is used for determining the request destination information processing unit that the request of execution processing in the information processor is issued to based on resource information that is included in device information and information on load; And content information transmission part, be used to send the request of execution processing to the relevant information of content of asking destination information processing unit and transmission with the object of ask processing; This request destination information processing unit comprises: information on load sends part, is used for the information on load of request destination information processing unit is sent to the request source information processor; The processing execution part is used to carry out the information processing relevant with content by the request of request source information processor; And the processing execution result sends part, is used for sending to the request source information processor by the processing execution result that the contents processing operating part is carried out.
In this information processing compartment system, the processing type and the resource information that are connected to the information processor of network store in the management server, and it is selected to be suitable for carrying out of the processing type handled by the request source information processor of the request source that is used as the processing relevant with content in the information processor in the information processor.Then, the request source information processor obtains in the information processor those resource information and the information on load of being selected by management server, and consider that the resource information of information processor self and different information processors and information on load are determined will be in the information processor as the request destination information processing unit of asking the destination.Therefore, when the request source information processor is attempted to carry out when heavy load being provided and needing the processing of plenty of time, it can consider to be connected to the resource information of different information processors of network and information on load and distribution process effectively.Because its consideration is connected to the resource information and the information on load of the different information processors of network when the request source information processor is carried out the information processing relevant with content, the computational resource that is connected to the information processor of network can effectively utilize, and the user is not aware of, thereby the minimizing of subscriber response time can realize.
According to another embodiment of the present invention, provide a kind of information processor that is connected to management server and different information processors, the processing information relevant by communication network with content, comprise: handle type and send part, be used to send the execution information processing necessary processing type relevant with content; The device information receiving unit is used to receive the identifying information of of being suitable for handling type, two or more different information processors and is associated with identifying information and comprises the device information of the resource information of different at least information processors; Information on load obtains part, is used for obtaining based on the identifying information of the different information processors that received by the device information receiving unit information on load of different information processors; Request destination determining section is used for determining the request destination information processing unit that the request of execution processing in the different information processors will be issued to based on resource information that is included in device information and information on load; And information transmission part, be used to send the request of execution processing to the relevant information of content of asking destination information processing unit and transmission with the object of ask processing.
In this information processor, when its carries out the processing of content information, it will be carried out the necessary processing type of pending processing and send to management server and obtain those identifying information and the resource information that is suitable for handling type in the different information processors.Then, information processor sends the inquiry about the current information on load of different information processors, and considers that the resource information of different information processors and information on load determine to carry out the request destination information processing unit that the request handled will be issued to.Therefore, the information processing relevant with content can be considered to be connected to network and comprise the resource information of information processor of information processor self and information on load and distribute, and the computational resource that is connected to the information processor of network can effectively utilize.
This information processor can be configured and make management server that the identifying information and the device information of different information processors are stored in wherein with the relation that is relative to each other, device information comprises can be respectively by the processing type of those execution at least that are associated with identifying information in the different information processors and the resource information of different information processors, and management server is selected to be suitable in the different information processors from handling the identifying information that type sending part branch sends to of the processing type of there and sends the selected information processing unit.In this information processor, comprise that the device information of the resource information etc. of the information processor that is connected to network can jointly be stored in the management server.Therefore, being stored in device information in the management server can respond from the request of carrying out the information processor of handling and provide.
This information processor can also comprise processing execution acceptance permission/refusal query portion, be used for whether acceptable inquiry is issued to the different information processors that are associated with the identifying information of the different information processors that received by the device information receiving unit with carrying out about the information processing relevant with content, information on load acquisition unit branch obtains the information on load of the different information processors that can accept the information processing execution relevant with content.In this information processor, it can send those that only can accept about the inquiry of information on load that the information processing relevant with content carry out in the different information processors.Therefore, useless processing can be eliminated.
This information processor can be configured and make the destination determining section that calls request determine the execution ratio of handling, and based on being included in one that resource information and information on load in the device information determined to be issued to according to the processing request of carrying out ratio in the different information processors, and information sends part and the request of processing execution is issued to determined different information processor and sends and the relevant information of content according to the object of the processing of carrying out ratio.In this information processor, processing can respond the resource information of the information processor that is connected to network and information on load and separately carry out.Therefore, relevant with content information processing can distributed way be carried out effectively.
This information processor can also comprise the information encryption part, be used to use the unique user key of the user who uses information processor is encrypted the relevant information of content with the object of ask processing, the transmission of information sending part branch is relevant with content and by information encryption part information encrypted.
Encryption is to use encryption key to rearrange digital information.Hereinafter user key of Miao Shuing and Device keys are encryption keys.Encryption key is to be used for the predetermined rule that digital information rearranges.Two kinds of methods can be used for encryption key, comprise encryption and decryption are used the public key encryption technology of different keys and the private key encryption technology of same key is used in encryption and decryption, and the present invention go for two kinds of methods.Should be noted that in this manual user key provides to the user's who uses the information processing compartment system key and comprises the key that is used for encrypted secret key and is used to decipher.Device keys provides to the key of each information processor and comprises the key that is used for encrypted secret key and is used to decipher.
In this information processor, it can with the information security relevant with content send to the different information processors that are connected to network and receive the information relevant therefrom safely with content.Therefore, it is protected that the copyright of content simultaneously can distributed way be carried out in the information processing relevant with content.
This information processor can also comprise: the link information storage area, be used for identifying information that concerns the stored information processing unit that is relative to each other and the identifying information that uses the user of information processor, the link information storing section stores is to the user key of the unique encryption of the user who uses information processor; And the key handling part, being used to use user key to the unique Device keys enabling decryption of encrypted of information processor, information encryption partly uses the user unique and user key that partly deciphered by key handling to encrypt the information relevant with content.In this information processor, only it with situation that the user who uses information processor is associated under, the information that it can be encrypted or deciphering is relevant with content.Therefore, it is protected that the copyright of content simultaneously can distributed way be carried out in the information processing relevant with content.
This information processor can be configured and make link information storing section stores at least one link information, and produce starting point according to the link information of storage and be the information processor that uses identifying information identification and the point of arrival route for the user that uses identifying information identification, related with between the identifying information of realizing information processor and the user's of use information processor the identifying information, link information comprises a pair of identifying information clauses and subclauses, one expression linked source and another expression link destination.
According to another embodiment of the present invention, provide a kind of information processor that is connected to the different information processors that send the request of handling the information relevant by communication network with content, comprise: information on load sends part, is used for the information on load of information processor is sent to different information processors; The processing execution part is used to carry out the information processing relevant with content by different information processor requests; And the processing execution result sends part, is used for sending to different information processors by the processing execution result that the contents processing operating part is carried out.
In this information processor, it can response message processing unit its other resources information carries out the information processing relevant with content by different information processor requests with information on load.Therefore, when the load to information processor self weighed, it did not carry out the processing of different information processors, but when information processor had enough leeway in its resource, it can carry out the processing of different information processors.Therefore, the resource that is connected to the information processor of network can effectively utilize.
This information processor can also comprise: processing execution is accepted permission/refusal deciding section, is used to determine whether the information processing execution relevant with content by different information processor requests can be accepted; And accept permissions/refusal determination result transmission part, be used for accepting the acceptance permission/refusal determination result that permission/refusal deciding section determines and send to different information processors by processing execution; When the execution of being accepted permission/refusal deciding section decision information processing by processing execution can be accepted, the information on load of information on load sending part distribution carry information processing unit.In this information processor, only when it can accept the execution of processing of different information processors, it can send the information on load of information processor self.Therefore, useless processing can be eliminated.
This information processor can also comprise: the message pick-up part is used to receive by different information processors and uses the relevant information of the content with process object that the unique user key of the user who uses different information processors is encrypted; And the decrypts information part, being used to decipher the information relevant with encrypted content, processing execution is partly carried out information processing relevant with content and that partly deciphered by decrypts information.Perhaps, this information processor can also comprise processing execution encryption section as a result, be used to use the processing execution result who the unique user key of the user who uses information processor is encrypted the processing of partly being carried out by processing execution, processing execution sending part is as a result divided the processing execution result who sends by processing execution encryption section encryption as a result.In this information processor, it can with the information security relevant with content send to the different information processors that are connected to network and receive the information relevant therefrom safely with content.Therefore, it is protected that the copyright of content simultaneously can distributed way be carried out in the information processing relevant with content.
This information processor can also comprise the link information storage area, be used for the identifying information of stored information processing unit and the user's who uses information processor identifying information, when the identifying information of the user in being stored in the link information storage area was associated with the user's who uses different information processors identifying information, the contents decryption part is the deciphering enciphered message relevant with content successfully.In this information processor, only when the corresponding identifying information of identifying information with the user who uses different information processors was stored in the link information storage area, it successfully deciphered the information relevant with content.Therefore, it is protected that the copyright of content simultaneously can distributed way be carried out in the information processing relevant with content.
This information processor can also comprise: the link information storage area, be used for identifying information that concerns the stored information processing unit that is relative to each other and the identifying information that uses the user of information processor, the link information storing section stores is to the user key of the unique encryption of the user who uses information processor; And the key handling part, being used to use user key to the unique Device keys enabling decryption of encrypted of information processor, decrypts information partly uses the user key of partly being deciphered by key handling to decipher the enciphered message relevant with content.In this information processor, only when information processor with when using the user of information processor to be relative to each other connection, the information that it can be encrypted or deciphering is relevant with content.Therefore, it is protected that the copyright of content simultaneously can distributed way be carried out in the information processing relevant with content.
This information processor can be configured and make link information storing section stores at least one link information, and produce starting point according to the link information of storage and be the information processor that uses identifying information identification and the point of arrival route for the user that uses identifying information identification, related with between the identifying information of realizing information processor and the user's of use information processor the identifying information, link information comprises a pair of identifying information clauses and subclauses, one expression linked source and another expression link destination.
Be provided for the information processing location mode that distributed intelligence is handled equally.
Use this information processing compartment system, information processor and information processing location mode, the information processing relevant with content that CPU is applied heavy load can be considered to be connected to the resource of a plurality of information processors of network and load condition and carry out effectively with distributed way.
Above of the present invention and other purposes, feature and advantage will from the description carried out below in conjunction with appended drawings and accessory claim, become obviously, wherein similar parts or element are represented by similar reference number.
Description of drawings
Fig. 1 shows that information processing compartment system according to the present invention is applied to the schematic diagram that wherein content provides the copyright management of the summary of link system of system and explanation link system;
Fig. 2 is the schematic diagram that the content of displayed map 1 provides the overall arrangement of system;
Fig. 3 is the block diagram of the hardware configuration example of PC shown in the displayed map 1 schematically;
Fig. 4 is the block diagram of the hardware configuration example of PD shown in the displayed map 1 schematically;
Fig. 5 is the block diagram of the functional configuration of copyright management server shown in the displayed map 2;
Fig. 6 is the view of the memory contents of user profile storage area shown in the key diagram 5;
Fig. 7 is the sequential chart of the registration process of PC shown in the key diagram 1;
Fig. 8 is the sequential chart of the registration process of PD shown in the key diagram 1;
Fig. 9 is the sequential chart that the content of key diagram 1 provides the registration process of the user in the system;
Figure 10 is the sequential chart that the content of key diagram 1 provides the link process of system;
Figure 11 illustrates the diagram that the content of the link information that uses in the system is provided in the content of Fig. 1;
Figure 12 is the sequential chart that the content of key diagram 1 provides the another kind of link process of system;
Figure 13 illustrates that the content that is included in Fig. 1 provides the view of the key information in the link of using in the system;
Figure 14 is the sequential chart that the content of key diagram 1 provides the licence distribution process of system;
Figure 15 illustrates the diagram that the content of the license information that uses in the system is provided in the content of Fig. 1;
Figure 16 is the block diagram of the functional configuration of content playback unit shown in the displayed map 1;
Figure 17 is the block diagram that shows the more detailed configuration of content playback unit shown in Figure 16;
Figure 18 is the flow chart that the content key deciphering of the content playback unit of explanation Figure 16 allowed/forbade decision process;
Figure 19 is the flow chart of content playback process of the content playback unit of explanation Figure 16;
Figure 20 illustrates the diagram that the notion of the key information that uses in the system is provided in the content of Fig. 1;
Figure 21 is the block diagram that shows according to the overall arrangement of information processing compartment system of the present invention;
Figure 22 is the block diagram that shows the functional configuration of management server shown in Figure 21 and request source information processor;
Figure 23 is the block diagram that shows the functional configuration of the destination information of request shown in Figure 21 processing unit;
Figure 24 is the sequential chart that the distributed approach that uses in the information processing compartment system of Figure 21 is described;
Figure 25 is the view that explanation is stored in the information in the storage area of device information shown in Figure 22;
Figure 26 is the view that explanation is included in the information in the information on load that uses in the information processing compartment system of Figure 21; And
Figure 27 is the flow chart of the method for the deciphering used in the information processing compartment system of Figure 21 of the explanation information relevant with content.
Embodiment
Below, information processing compartment system according to the present invention is applied to information processing compartment system 500, its can distributed way handle effectively with by the relevant information of the content of copyright protection.
Content can be for example sound (audio frequency) content of music, speech, program of radio station etc. of arbitrary content, image (video) content that forms by one or more still picture that forms film, TV programme, video frequency program, photo, drawing, chart etc. or live image, e-book (E-book), recreation or software.In the following description, sound-content is particularly described as content instance from distribution service device music content distribution or that peel off from music CD.But, this example that the present invention is not limited to mention just now.
Perhaps be used for the encryption and decryption of the content key of encrypted content in the information processing relevant with content comprises, use the checking of the necessary certificate of content, the compression of music data etc.These processing comprise that many CPU to information processor apply high load capacity and cause the processing of the problem that the subscriber response time of each processing is prolonged.
Though the copyright of protection content is so that it is essential preventing illegal act, if when use during by the content of copyright protection as mentioned above the plenty of time be that this processing is required, the distribution of content is disturbed so.
Recently, various devices are used with the reproduction content by the user, and device is connected to network to download content or different device is connected to each other to become possibility by the network transmission with the reception information relevant with content.
Therefore, in the information processing compartment system of the present embodiment, the information processing relevant with content that CPU is applied high load capacity is distributed to information processor connected to one another by network, to realize effective distributed treatment on whole network.
The summary of the information processing compartment system 500 of the present embodiment as mentioned above.Below, the copyright management of the link system that is adopted by the information processing compartment system 500 according to the present embodiment is described.According to the copyright management of link system, the copyright of content can be protected, and the information relevant with content can send and receive safely.
<1. the summary of the copyright management of link system 〉
At first, be described as the copyright management of the link system that in information processing compartment system, uses and preparation contents provides the summary of system according to the present embodiment.
Content provides the service condition of the rights management content (being designated hereinafter simply as " content ") that System Management User and the digital content by encrypted image, sound etc. obtain.Content provides system constraint except that the user who buys content any other user is to the use of content, so as the illegal use that positively prevents content for example content by the behavior of a large amount of distributions of internet etc.
In order to make the user who buys encrypted content reproduce content, it is essential being used for content-encrypt process key (below be called " the content key ") decryption content of encrypted content.Even content is by illegal distribution such as internets, if content key can not obtain, content can not be reproduced so.Therefore, provide in the system in content, content key must be distributed safely and must be used by validated user.
On the other hand, between the device that is had by the user who buys content, it is essential allowing content freely to distribute to a certain extent.Otherwise the user who buys content can not reproduce content or only can use the device of its purchase to reproduce by content on the owned device by the user.
So, content provides system to adopt copyright management system, and wherein when copyright management was carried out, sharing of content can allow in the private scope to strengthen the convenience and the degree of freedom that content is shared between the multiple arrangement that is had by same user.In order to realize copyright management system, in the present embodiment, adopt the rights management scheme of carrying out by link system.
According to the copyright management of link system, different device is relative to each other connection so that shared content becomes possibility between device.In the present embodiment, the different device connection that is relative to each other is called linked set (to each other).For example, by being linked to another device 1 that is had by the user by the device 2 that the user has, can reproduce on device 2 equally in the content of reproducing on the device 1 becomes possibility.Though the detailed description of device provides hereinafter, any device that is linked to the device 1 that can reproduce content can reproduce content, and any device that is not linked to device 1 can not reproduce content.Therefore, when copyright management was carried out, any device that content can be had by the user to a certain extent freely reproduced.
It should be noted that, content can be an arbitrary content, sound (audio frequency) content of music, speech, program of radio station etc. for example, image (video) content that forms by one or more still picture that forms film, TV programme, video frequency program, photo, drawing, chart etc. or live image, e-book (E-book), recreation or software.In the following description, music content is particularly described as content instance from distribution service device music content distribution or that peel off from music CD.But, this example that the present invention is not limited to mention just now.
Now, the content of describing this copyright management that is used for carrying out link system as mentioned above with reference to figure 1 provides the summary of system's link system.Fig. 1 displaying contents provides the summary of the link system of system.
With reference to figure 1, suppose that user A 11a has user's set 10a, 10b and 10d.For example, user A provides service and buys content by user's set 10a subscription content.If user A wants reproducing content as on the user's set 10a by the owned device of user A, user A is linked to user A with user's set 10a so.As mentioned above, if user's set 10a is linked to user A, the content of being bought by user A is reproduced on user's set 10a and is become possibility so.
Here, user's set 10a being linked to the user A meaning is the private information that user's set 10a obtains user A.The private information of user A is the information that can be known by user A at first, for example information of the private key of user A.For example, for content key is distributed to user A safely, content key uses user's PKI or encrypted private key and is distributed to user A.
User A will attempt reproducing content on user's set 10a.But if user's set 10a does not have the information of the private key of user A, user's set 10a can not decrypted content keys so, therefore can not reproduce content.Therefore, if user's set 10a is linked to user A, just, if user's set 10a can obtain the information of the private key of user A, user's set 10a can reproduce the content of being bought by user A so.
Similarly, user's set 10b will be linked to user A.If user's set 10b has the information of the private key of user A, so same user's set 10b can reproduce any content of being bought by user A.
For the private key that makes user A is distributed to user's set 10a safely, the private key of user A uses PKI or the encrypted private key of user's set 10a and is distributed to user's set 10a is essential.The private key of user A is by user's set 10a deciphering, and content key uses the private key deciphering of the deciphering of user A.In addition, if expectation is reproduced content equally on user's set 10d, user's set 10d should be linked to user's set 10a.User's set 10d can obtain user's set 10a private key information and also can use the private key of user's set 10a to obtain the information of the private key of user A.Then, the content of being bought by user A can use the private key of user A to reproduce.
So, if device obtains the private information of the link destination of the link destination that tracking means self is linked to, the device that links the destination so can reproduce the content of purchase.For example, if user's set 10a is linked to the user B 11b as 12 members of family of user A, the content of being bought by user B can be reproduced on user's set 10a equally so.In addition, if user A and user B are linked to the different members of family, when the member of family became content and the member of service is provided and buys content, user A and user B also can reproduce content so.So, if the Any user device is linked to user A and user B, user's set can reproduce the content of being bought by the kinsfolk so.
In addition, if the user is linked to each other with the user's set that is had by the user or by the user's set that the user has, have only so when content key is distributed to Any user safely, those users that content is used in restriction simultaneously contents between the device that has by the user, freely share to a certain extent be only possible.
The summary of the copyright management of link system as mentioned above.Now, content provides system 100 as being realized that by link system the particular instance of copyright management is described below.
<2. content provides the overall arrangement of system 〉
Fig. 2 displaying contents provides the overall arrangement of system 100.With reference to figure 2, shown in content provide system 100 to comprise user's set 10, copyright management server 20a, and content providing server 20b.User's set 10 can comprise a plurality of user's set 10a, 10b, 10c, 10d as mentioned above ...In addition, though copyright management server 20a and content providing server 20b form server independent of each other, they can form single comprehensive server in addition.
Use the various information processors of content can be used for user's set 10.In Fig. 2, user's set 10 comprises notebook type or desktop PC (the following PC that is called sometimes) 10a, audio devices 10b and 10c, and as portable set (the following PD that the is called sometimes) 10d of pocket content playback unit.
User's set 10 for example has the function of use of content (reproduction of content for example, storage is moved, in conjunction with, divide, conversion is duplicated, and lends and give back function), content playback controlled function based on above-mentioned link, the management function of content (for example, the content of content-based ID, content keyword etc. search and delete function), and by peel off, the content of record etc. produces function automatically.
In the user's set 10, the device (for example, user's set 10a) that has by the communication function of network 30 can connect to communicate by letter with content providing server 20b with copyright management server 20a.The software of content distribution service and the software of copyright management be downloaded and be installed to the Any user device 10 of described type can for example from content providing server 20b.Therefore, user's set 10 can receive from the content of the encryption of content providing server 20b distribution or receive from the licence of the content key of the content of copyright management server 20a distribution, the service condition of content etc.In addition, user's set 10 can be with the data record that receives to memory device or memory element for example in the movable storage medium.
In addition, user's set 10 can or be peeled off by automatic record (the automatic records of sound, image etc.) produce content again, and with the content record that produces in memory device or movable storage medium.The sound that should be noted that image that camera head that term " automatically record " expression self is had by user's set 10 obtains and/or collected by sound collection means is as the record of the numerical data of image and/or sound.Simultaneously, it is to extract to be recorded in for example music CD of storage medium that term " is peeled off ", digital content (voice data among video DVD or the software cd-ROM, view data etc.), converting digital content to data can be by the data of the file format of Computer Processing, and the data record that will be obtained by the file format conversion is in memory device or removable recording medium.
At user's set 10b, 10c and 10d are linked under the situation of user's set 10a in this mode as mentioned above, download among the user's set 10a and can also can be reproduced by the Any user device that is linked to user's set 10a by the content of its reproduction.If any one of user's set 10 attempts to reproduce content, it is essential being used for the content key of encrypted content so.Equally, content key is an encrypted form, and if user's set 10a obtain and be used for the key of encrypted content key, it can decrypted content keys so, uses the content key decryption content, self reproduces content by user's set 10 then.
Copyright management server 20a sends to the user with content key to make the link process that allows content to be shared by the device that the user had can carry out the information processor of limiting content reproduction simultaneously safely.Especially, copyright management server 20a carries out the user and the registration process of the user's set 10 that had by the user, carry out user and user's set link or user's set between link, and the encrypting and transmitting content key is to user's set 10.
Content providing server 20b is used to provide the server of content and provides service to offer the user content.Content providing server 20b response is distributed to user's set 10 with content by network 30 from the request of user's set 10.
For example, when distribution of music content, content providing server 20b forms the server that electronic music distribution (EMD) service is provided.In this case, content providing server 20b is for example according to the music content of ATRAC3 (senior acoustics transform coding) method or MP3 (mpeg audio layer 3) method compressed encoding distribution object, according to encryption method for example DES (data encryption standard) ciphered compressed coding music content and the music content of encrypting is distributed to user's set 10.In addition, content providing server 20b can be with the content key that is used for decryption content with the content encrypting and transmitting of such encryption to user's set 10.In addition, content providing server 20b can provide content key to copyright management server 20a, makes copyright management server 20a to give user's set 10 by the encrypting and transmitting content key.
Content providing server 20b also can form to provide and produce the server that content is used service, be used for leading subscriber device 10 self by peel off, the use of the content that produces such as record automatically.In this case, the content providing server 20b content key that will be used for decryption content is distributed to user's set 10.Therefore, user's set 10 can use the content key that obtains from content providing server 20b to reproduce user's set 10 self by peeling off the content that waits generation.
Network 30 is with user's set 10, copyright management server 20a and the communication network of content providing server 20b interconnection to communicate by letter betwixt.Network 30 can be by common network internet for example, telephone network or satellite communication network, and dedicated network is WAN for example, and LAN or IP-VPN form and can be any of cable network and wireless network.
Foregoing provides system 100 to have the copyright management function that limiting content uses, and it can strengthen the portability of content between the various user's sets 10 to strengthen the degree of freedom that user's convenience and content are used simultaneously.
<3. the hardware configuration of user's set 〉
Now, description is according to the hardware configuration of the user's set 10 of the present embodiment.Hereinafter, provide description as the hardware configuration example of user's set 10 typical PC 10a and PD 10d.Should be noted that PC 10a and PD 10d as user's set 10 are configured to the multi-form of content processing apparatus of the present invention.
At first, the hardware configuration of describing according to the PC 10a of the present embodiment with reference to figure 3.Fig. 3 schematically shows the example according to the hardware configuration of the PC 10a of the present embodiment.
As shown in Figure 3, PC 10a comprises for example CPU (CPU) 101, ROM (read-only memory) 102, RAM (random access memory) 103, host bus 104, bridge 105 and external bus 106.PC 10a also comprises interface 107, input unit 108, and output device 110, storage device (hard disk drive: HDD) 111, driver 112, connectivity port 114 and communicator 115.
CPU 101 is as arithmetic operator processing unit and control device and according to being stored in procedure operation among ROM102 or the HDD 111 with the assembly of control PC 10a.The particular procedure of being carried out by CPU 101 for example comprises, the encryption and decryption of content are handled, the generation and the checking that are used for the digital signature (MAC (message authentication code) etc.) of the false proof and data verification of data are handled, when content inputs or outputs discriminating and the session key shared processing of carrying out at that time from another user's set 10 that is connected to PC 10a, license evaluation is for example handled in the input and output process control of content, licence, content key etc., copyright management and other must be handled.
ROM 102 storages will be by the program of CPU 101 uses, arithmetic operator parameter etc.ROM102 also can be used as memory contents, licence, the memory element of content key etc.RAM 103 stores the program that is used to carry out by CPU 101 provisionally, the term of execution parameter that suitably changes etc.CPU 101, and ROM 102 and RAM 103 are connected to each other by the host bus 104 that is formed by cpu bus etc.
Host bus 104 is connected to for example PCI (Peripheral Component Interconnect/interface) bus etc. of external bus 106 by bridge 105.
Input unit 108 is used to produce and export the formation such as input control circuit of input signal to CPU 101 by input element for example mouse, keyboard, touch pad, button, switch and control lever.The user of PC 10a can input device 108 with import various data to PC 10a and send handle operation instruction to PC 10a.
Output device 110 is by display unit CRT (cathode ray tube) display unit for example, and liquid crystal display (LCD) device, lamp etc. and voice output for example loud speaker form.The content that output device 110 outputs are for example reproduced.Especially, display unit is shown as the picture material of reproducing the still picture of live image or text or image format.Simultaneously, voice output sends the sound of the sound-content of reproduction.
HDD 111 is the devices that are used for storage that form according to the PC 10a storage area example of the present embodiment.Program that HDD 111 will be carried out by CPU 101 and various storage are on hard disk.In addition, content for example, the various storage of licence and content key are in HDD 111.
Driver 112 is read write lines of storage medium and is configured among the PC 10a or externally provides.Driver 112 is with content, the various data of licence and content key are recorded in for example disk (HD etc.) of removable recording medium 40, CD (CD, DVD etc.), magneto optical disk (MO etc.) or be loaded on the semiconductor memory among the PC 10a or from wherein reproducing various data.
Especially, driver 112 playback records on removable recording medium 40 data and with data via interface 107, external bus 106, bridge 105 and host bus 104 offer RAM103.CPU 101 arrives RAM 103 with storage when needed, in HDD 111 grades.On the other hand, driver 112 receives from CPU 101 and is stored in RAM 103, the data in HDD 111 grades, and data of Chan Shenging or the data obtained from external device (ED) recently, and data are write on the removable recording medium 40.
Connectivity port 114 is that PC 10a is connected to for example port of another user's set 10 of external peripheral devices, and has for example USB terminal of splicing ear, IEEE1394 terminal etc.Interface 107 is passed through in connectivity port 114, external bus 106, and bridge 105, host bus 104 grades are connected to CPU 101 etc.By this connectivity port 114 as mentioned above, PC 10a by local line be connected to user's set 10d etc. and can with the various data of communicating by letter back and forth such as PD 10d.
Communicator 115 is the communication interfaces that formed by communication equipment that is used to be connected to network 30 for example etc.Communicator 115 is with content, and the various data of content key etc. send to for example another user's set 10 of external device (ED) by network 30, copyright management server 20a or content providing server 20b, and receive various data therefrom.
Now, the hardware configuration of describing in detail according to the PD 10d of the present embodiment with reference to figure 4.Fig. 4 is the block diagram that schematically shows according to the hardware configuration example of the PD 10d of the present embodiment.
As shown in Figure 4, PD 10d comprises for example control device 201, flash memory 202, and RAM 203, bus 206, input unit 208, display unit 210, HDD 211, driver 212, decoder 213, communicator 215, audio output circuit 216, remote controllers 218 and earphone 219.
Control device 201 is according to the various procedure operation that for example are stored among flash memory 202 or the HDD 211, and the assembly of control PD 10d.Flash memory 202 storages for example define the program and the various data of the action of control device 201.Flash memory 202 also can be used as memory contents, licence, the storage area of content key etc.Simultaneously, RAM 203 is formed by for example SDRAM (synchronous dram) and the relevant various data of processing of storage and control frame 201 provisionally.
Bus 206 is interconnection control device 201, flash memory 202, and RAM 203, input unit 208, display unit 210, HDD 211, driver 212, decoder 213, communicator 215, the data wire of audio output circuit 216 grades.
Input unit 208 and remote controllers 218 are by executive component touch pad for example, button, control lever, dial etc., and the response user produces input signal to the operation of any executive component and the input control circuit that input signal outputs to control device 201 is formed.The user of user's set 10 can handle action command to user's set 10 by operating in input unit 208 described below or the remote controllers 218 various data of input or input.
Display unit 210 is by for example LCD plate, formation such as LCD control circuit.Display unit 210 form with text or image under the control of control device 201 shows various information.
HDD 211 is the devices that are used for storage that form according to the storage area example of the PD 10d of the present embodiment.HDD 211 is formed and memory contents by the hard disk drive that for example has tens GB memory capacity (HDD), licence, content key, the program of control device 201 and various data.The PD 10d that comprises above-mentioned HDD 211 forms the content record and the transcriber that can write down and reproduce content.Therefore, PD 10d not only can be provided by the content that provides from PC 10a by removable recording medium 40, and can store by local line and receive the content the HDD 211 and reproduce content from PC10a etc.But the present invention is not limited to above-mentioned particular instance, and PD 10d can for example be configured to be exclusively used in content playback and the device that do not comprise HDD211.In this case, PC 10a can read the content that for example is stored in the removable recording medium 40, and only carries out reproduction of content (can not executive logging).
Driver 212 is read write lines of storage medium and is configured among the PD 10d.Driver 212 is content, licence, and the various data of content key etc. are recorded on the removable recording medium 40 that is loaded among the user's set 10b or from wherein reproducing various data.Decoder 213 is carried out the decryption processing of encrypted content, and decoding processing around processing, arrives the conversion process of PCM data etc.
Communicator 215 is by the USB controller, and USB terminal etc. form and with content, licence, and the various data of control signal etc. send to by the local line user's set 10 that connects of USB cable PC 10a for example for example, and receive various data therefrom.
Audio output circuit 216 amplifies by decoder 213 decodings and by the analog audio data of control device 201 DA conversion, and the analog audio data of amplifying is outputed to remote controllers 218.Analog audio data outputs to earphone 219 from remote controllers 218, and the loud speaker from be embedded in earphone 219 (not showing) is as voice output.
Describe in the above as the PC 10a of user's set 10 examples and hardware configuration example reference Fig. 3 and 4 of PD 10d.But, use the user's set 10 of content to be not limited to the example of above-mentioned PC10a and PD 10d, but can comprise for example for example television equipment or portable television of the Audio Players of Setup Type or other electronic installations or information processor of various devices.Therefore, each of user's set 10 carried out according to the distinctive hardware configuration of device and handled.
<4. the functional configuration of copyright management server 〉
The functional configuration of copyright management server 20a is described with reference to figure 5 now.Copyright management server 20a comprises receiving unit 302, sends part 304, registration part 306, and part 308 is sent in link, licence distribution part 310, user profile storage area 312, content key storage part 314 etc.
Receiving unit 302 is by for example communication line, telecommunication circuit, the communication interface that communication equipment etc. form.Receiving unit 302 receives the attribute information that is connected to the user's set 10 of copyright management server 20a by network 30, also receives the information that is input to user's set 10.
Registration part 306 is carried out and is wanted to use content that the new user's of service and/or copyright management service location registration process is provided, and the registration change is handled, and the registration cancellation is handled, the management of user account information (user ID, signal card number, password etc.) etc.For each user of any service of registration, the unique key of user is provided.Here the key that provides can be each other in to and be used for the PKI and the private key of public key encryption, perhaps be used for the Public key that private key is encrypted.Key information stores in the user profile storage area 312 with user ID.
Registration part 306 is also carried out the management of the user's set that is had by the user.Registration part 306 obtains the customizing messages (type of device, model, version etc.) of user's set by receiving unit 302, and device id and the key unique to user's set is provided.Here, device id is the identifying information that user's set can use its unique appointment.Device id can be the device id that sets in advance to user's set, makes user's set to manage with device id.
So, the key information that is provided by registration part 306 stores in the user profile storage area 312 with the relation relevant with user ID or device id, and nodal information produces from user ID or device id and key information.Then, nodal information sends to user or user's set by sending part 304.User or user's set receiving node information and obtain the ID of unique identification in copyright management server 20a.
The key that is provided by registration part 306 is with cause server for encrypting content key or by the content key of user's set enabling decryption of encrypted.For example, if server uses user's public key encryption content key, the user of received content key must use user's private key decrypted content keys so.Therefore, in this case, it is essential in advance user's private key being sent to the user.
Link is sent part 308 and is had the be relative to each other function of the connection or the connection that will be relative to each other by the user's set that the user has of user and the user's set that is had by the user.Especially, link is sent part 308 response and is produced from the input of user's set user's set is linked to user's link information and link information is sent to user's set.Link is sent part 308 and also link information is stored in the user profile storage area 312.For example, suppose that the user who will self be registered in the copyright management service wants freely to reproduce the content of being bought by the user on three user's sets that had by the user.The user will send linking request by owned three user's sets of user to copyright management server 20a.The link of the copyright management server 20a of reception linking request is sent part 308 and is linked to each other with the user with by three user's sets that the user has.
Here, user and three user's sets are linked to the private key that the public key encryption that is to use each user's set each other is stored in the user in the user profile storage area 312.Under the situation that is used to decipher the content key use encrypted private key of buying content by the user, there is not user's private key, the content key of encryption can not be deciphered.But if the user's set that is had by the user is linked to the user, any one of the user's set that is had by the user can be obtained user's private key and use the private key decrypted content keys of obtaining so.In addition, user's set can use the content key enabling decryption of encrypted content of deciphering and reproduce content.
User profile storage area 312 is with relevant with user ID and device id stores key information and the link information of concerning.By obtaining user ID or any device id, copyright management server 20a can obtain and be stored in the user profile storage area 312 and each user or the corresponding key information of user's set.
With reference to figure 6 user profile that is stored in the user profile storage area 312 is described.As shown in Figure 6, user ID 3121, credit card number 3122, user key 3123, device id 3124, Device keys 3125, the information stores that links 3126 grades is in user profile storage area 312.
User ID 3121 and credit card number 3122 are to receive the user account information that the content that offers the user provides the user of service and copyright management service, and are the identifying informations that the user can use its unique appointment.User key 3123 is key informations of distributing to the user ID in the user ID 3121.
Device id 3124 keeps being linked to the user and the ID of the user's set that had by the user.Device keys 3125 remains on the number that content provides unique identification in the system 100.Each number can be when the identification number that is provided with when factory etc. transports to each user's set, perhaps the identification number that is provided with by the registration part 306 of copyright management server 20a.
Device keys 3125 keeps distributing to the key information of user's set.Equally, Device keys 3125 can keep setting in advance to the Device keys of each user's set or the key information that is distributed by registration part 306.
Link 3126 remains the link information that each user's set is provided with.For example, if user's set 1 is linked to " Yamada Taro ", " link A " comprises the information and the information by using Device keys 1 (PKI) encrypting user key A (private key) to obtain of the relating heading of device id and user ID so.The information of each link can send to respective user devices and makes it can store in the storage area of user's set in the link 3126, perhaps the visit of server is obtained by user's set by respective user devices.The stored information of user profile storage area 312 as mentioned above.
Return with reference to figure 5, link is sent part 308 licence of content key is sent to the user who buys content.Therefore, licence sends part 310 and uses users' encrypted private key to be included in content key in the licence, makes content key can be distributed to the user safely.Licence can also comprise the service condition of content etc.The service condition of content key and content can provide from content providing server 20b in addition.
Send the licence that part 310 sends by licence and send to user's set 10 by sending part 304.In addition, licence can store in the user profile storage area 312.
Licence comprises and is used for content aware content ID etc.The user can obtain licence from copyright management server 20a after he buys content, perhaps can obtain licence in advance before he buys content as selecting, and buys content then.
In addition, content key storage is sent part 310 in wherein user profile storage area 312 and licence and be can be used as to be chosen among the content providing server 20b and provide.In this case, content providing server 20b can obtain the information of user key of the encryption that is used for content key etc. and encrypted content key to produce licence from copyright management server 20a.The licence that is produced by content providing server 20b can send to the user's set that is had by the user with content.
Sending part 304 is by for example communication line, telecommunication circuit, the communication interface that communication equipment etc. form.Send part 304 and have the nodal information that sends when registration process carried out by registration part 306, send the link information that part 308 is sent, and send licence that part 310 sends sends to user's set 10 by network function by licence by link.
Content key storage is in content key storage part 314.Content key storage part 314 can receive and store the content key that is produced by content providing server 20b or can store the content key that is produced by copyright management server 20a.For example, copyright management server 20a can produce and send content key to user's set and further send content key to content providing server 20b.The content providing server 20b of received content key can use the content that content key encryption bought by the user and send the content of encrypting to user's set 10.
The functional configuration of copyright management server 20a as mentioned above.Now, description utilizes content that the content providers method of the link system of system 100 is provided.The basic handling flow process of the content providers method of Fig. 7~11 explanation link systems.Being included in content provides user's set (PC) 10 and copyright management server 20a in the system 100 to be connected to each other, to communicate by letter safely betwixt by network 30.
<5. user's set and user registering method 〉
Fig. 7 illustrates the register method of user's set (PC) 10a that is connected to network in the user's set.At first, the appointed information (specification information) of user's set (PC) 10a sends to copyright management server 20a (step S102).Here the appointed information of user's set be can intended user device the information type of device of user's set for example, model, version etc.The appointed information of user's set can respond user's input and send from user's set (PC) 10a, perhaps under appointed information sets in advance situation among user's set (PC) 10a, it sends to copyright management server 20a after can communicating to connect between user's set (PC) 10a and copyright management server 20a setting up.
Appointed information is stored in the user profile storage area 312 of copyright management server 20a (step S104) at the copyright management server 20a that step S102 receives the appointed information of user's set (PC) 10a.In addition, based on the appointed information of user's set (PC) 10a that receives, copyright management server 20a can use its unique appointed equipment ID to be applied to user's set (PC) 10a user's set (PC) 10a.In addition, copyright management server 20a sends the Device keys of user's set (PC) 10a.The device id that so sends stores in the user profile storage area 312 with the relation relevant with the appointed information of user's set (PC) 10a with Device keys.Device keys sends each device and can comprise each other in to the PKI and the private key that use in public key encryption or can be the Public key that uses in private key is encrypted.
Being registered in after step S104 carries out of user's set (PC) 10a, copyright management server 20a sends and is included in the device id that step S104 sends and the node (step S106) of Device keys.The node that sends at step S106 is the information that copyright management server 20a can use its unique intended user device (PC) 10a, and comprises device id at least.But node can comprise the appointed information of Device keys or user's set (PC) 10a etc.The node that sends at step S106 sends to user's set (PC) 10a (step S108).
The nodal information that user's set (PC) 10a will send to copyright management server 20a stores in the memory that is provided in wherein.
The registration be connected to network user's set (PC) 10a method as mentioned above.Now, with reference to figure 8 for example method of PD 10d of user's set that registration is not connected to network is described.
Fig. 8 explanation is not connected to the register method of user's set (PD) 10d of network.At first, the appointed information of user's set (PD) 10d offers user's set (PC) 10a (step S110).For example, the type of device of user's set (PD) 10d, model, versions etc. can send to user's set (PC) 10a after user's set (PD) 10d is connected to user's set (PC) 10a, perhaps the input that can respond the user of the appointed information of user's set (PC) 10d sends to user's set (PC) 10a.
User's set (PC) 10a that obtains the appointed information of user's set (PD) 10d at step S110 sends to copyright management server 20a (step S112) with the appointed information of user's set (PD) 10d.Receive copyright management server 20a registered user device (PD) 10d (step S114) of the appointed information of user's set (PD) 10d at step S112.Especially, at step S114, copyright management server 20a stores the appointed information of user's set (PD) 10d in the user profile storage area 312 into, send device id and the Device keys of user's set (PD) 10d, and device id is stored in the user profile storage area 312 with the relation relevant with the appointed information of user's set (PD) 10d with Device keys.
After step S114 carried out, copyright management server 20a sent the node (step S116) of user's set (PD) 10d in the registration process of user's set (PD) 10d.The node that sends at step S116 comprises that copyright management server 20a can use the identifying information of user's set (PD) 10d of its unique intended user device (PD) 10d and Device keys etc.The node of user's set (PD) 10d that sends at step S116 sends to user's set (PC) 10a (step S118).
User's set (PC) 10a that the nodal information of user's set (PD) 10d sends to from copyright management server 20a at step S118 offers user's set (PD) 10d (step S120) with the nodal information of user's set (PD) 10d.Nodal information stores nodal information into storage area for example in the memory at user's set (PD) 10d that step S120 is provided to.The nodal information of user's set (PD) 10d can store in the memory of user's set (PC) 10a in addition.
In order to make user's set (PD) 10d obtain the content key of content and decryption content, it must be connected to user's set (PC) 10a.Therefore, if user's set (PC) 10a has the information of user's set (PD) 10d that is stored in the there, user's set (PC) 10a can determine whether the content that receives can be reproduced by user's set (PD) 10d so.
Be not connected to network user's set (PD) 10d register method as mentioned above.With reference now to Fig. 9, the user's who uses user's set register method is described.
Fig. 9 illustrates user's register method.The register method of user A is carried out by user's set (PC) 10a that is connected to network.At first, the appointed information of user A sends to copyright management server 20a (step S122).Here, the appointed information of user A comprises the user ID of user A and the credit card number that had by user A etc.User ID is that the user can be used the identifying information of its unique appointment by copyright management server 20a, and can be by identifying information user A appointment or that provided by copyright management server 20a.
The copyright management server 20a that the appointed information of user A sends at step S122 carries out the registration process (step S124) of user A.Especially, at step S124, copyright management server 20a is with the user ID of user A, and L/C No (letter of credit number) etc. store in the user profile storage area 312.In addition, copyright management server 20a sends the user key of user A and user key is stored in the user profile storage area 312 with the relation relevant with user ID etc.
Then, copyright management server 20a sends and comprises the user ID that is stored in the user profile storage area 312 and the node (step S126) of user key.Copyright management server 20a will send to user's set (PC) 10a at the nodal information that step S126 sends.
The user who has user's set will be registered among the copyright management server 20a in aforesaid this mode by network by its user's set that has.In addition, carry out user's registration of using content that the user of service or copyright management service is provided.Therefore, the user's that the copyright management server 20a of copyright management service can use expectation the copyright management service information is provided and the information stores of the user's set that has by the user in user profile storage area 312 and manage these information therein.In addition, copyright management server 20a can store in the user profile storage area 312 with the relation relevant with user or user's set and managing keys information therein to the key information of user and user's set with sending equally.
Copyright management server 20a can obtain the user ID of user A so that know the user's set that had by the user and user's key information by the user's set that is connected to network.For example, be distributed to the user safely in order to be used for the content key of encrypted content, copyright management server 20a can further use the user key encrypted content key of user A.Copyright management server 20a obtains the encryption key of the user A that is stored in the user profile storage area 312 based on the user ID of the user A that obtains and uses the user key encrypted content key of user A.Because do not use the private key of user A, use the content key of the public key encryption of user A not decipher, copyright management server 20a can with content safety send to the user.In addition, can decrypted content keys because only buy the user A of content, the user that restriction can decrypted content keys also is possible.
But even content key can use the encryption key of user A to decipher, if content can not be reproduced on the user's set that is had by user A, user A can not enjoy content so.Provide in the system in this content,, can on user's set, reproduce by the content that user A buys because each user's set is associated with the user.Now, related between user A and the user's set described.
<6. the association between user A and the user's set 〉
Related between Figure 10 and 11 explanation user A and the user's set.At first, related between user's set (PC) 10a be connected to network and the user A described.For connection that user's set (PC) 10a and user A are relative to each other, the node of the user's set that registration process is by mentioned earlier sent (PC) 10a and the node of user A send to copyright management server 20a (step S130).
The copyright management server 20a that obtains the nodal information of the nodal information of user's set (PC) 10a and user A at step S130 produces and is used for link (step S132) that user's set (PC) 10a and user A are relative to each other and join.The link that produces at step S132 comprises for example nodal information of user's set (PC) 10a, the nodal information of user A and relating heading.The nodal information that is included in the link information can be any information that user's set or user can use its unique identification, and can be the device id of user's set or user's user ID.For example, relating heading is the information which node of expression with which node is associated.Relating heading be expression from as user's set (PC) 10a of linked source to information as the direction of the user A that links the destination.
Here, be described in detail in the link that step S132 produces with reference to Figure 11.As mentioned above, user's set (PC) 10a and user A are the node from device id or user ID by copyright management server 20a management.If this nodal information 400 or 402 sends to copyright management server 20a, so copyright management server 20a be provided be included in the link 404 " from " 406 and " to " 408 information.When user's set (PC) 10a will be when user A be associated, as the node ID of user's set (PC) 10a of linked source be set to " from " 406, and the node ID of user A is set to " arriving " 408.Here node ID is the identifying information that is used to discern the node of user's set (PC) 10a or user A, and can be the device id of user's set (PC) 10a or the user ID of user A.
Link 404 can also comprise the key information that obtains as the private information of the user A of link destination as the public key encryption of user's set (PC) 10a of linked source by using.The private information of user A is the information that can only know user A at first, and can be the information etc. of the private key of user A.
Return with reference to Figure 10, the link information that produces at step S132 stores (step S134) in the user profile storage area 312 into the relation relevant with the device id of the user's set that links the destination (PC) 10a.Therefore, each that copyright management server 20a can the user's set of managed storage in user profile storage area 312 with which user is associated.Then, copyright management server 20a sends the device id that comprises user's set, user's user ID and the link information of relating heading (step S136), and link information sent to user's set (PC) 10a (step S138).As mentioned above, the link information that sends to user's set (PC) 10a can comprise the key information that the private information of the public key encryption user A by using user's set (PC) 10a obtains.
User's set (PC) 10a that receives link information at step S138 can know user's set (PC) 10a with which user is associated from the link information that receives.In addition, under user's set (PC) 10a and situation that user A is associated, user's set (PC) 10a can use the key information that is included in the link to know the private information of user A.For example, provide in the service and buy content if user A self is registered to content with user A, content is encrypted and send to user A so.Being used for the content key of encrypted content uses the encrypted private key of user A and sends to user's set (PC) 10a that is had by user A.At this moment, if user's set (PC) 10a is associated with user A, user's set (PC) 10a can obtain the private information that is included in the user A from the link information that copyright management server 20a receives so, and uses the content of private information enabling decryption of encrypted.
Between user's set (PC) 10a that is connected to network and the user A related as mentioned above.Now, with reference to Figure 12 related between user's set (PD) 10d be not connected to network and user's set (PC) 10a described.
At first, user's set (PC) 10a obtains the nodal information (step S140) of user's set (PD) 10d that is connected to user's set (PC) 10a.User's set (PC) 10a that obtains the nodal information of user's set (PD) 10d at step S140 sends to copyright management server 20a (step S142) with the nodal information of user's set (PD) 10d and the nodal information of user's set (PC) 10a self.At step S142, user's set (PC) 10a can send the nodal information of relating heading with user's set (PD) 10d and user's set (PC) 10a.
Produce link (step S144) at the node of step S142 reception user's set and the copyright management server 20a of relating heading information based on the information that receives.As mentioned above, the link information that produces at step S144 comprises the nodal information of user's set (PD) 10d, the nodal information of user's set (PC) 10a and the information of relating heading.
The link information that produces at step S144 is with the relation record to user profile storage area 312 in (step S146) relevant with the device id of user's set (PD) 10d.Then, copyright management server 20a sends the nodal information that comprises user's set (PD) 10d, the nodal information (step S148) of the nodal information of user's set (PC) 10a and the information of relating heading.Then, copyright management server 20a sends to user's set (PC) 10a (step S150) with link information.
From user's set (PC) 10a that copyright management server 20a receives link information link information is offered user's set (PD) 10d (step S152) at step S150.As mentioned above, link information comprises the information that expression user's set (PD) 10d is associated with user's set (PC) 10a.In other words, the nodal information of user's set (PD) 10d be set to link 404 " from " 406, and the nodal information of user's set (PC) 10a is set to link " arriving " 408 of 404.
Link also comprises by the public key encryption that uses user's set (PD) 10d and is stored in key information that the private key of user's set (PC) 10a in the user profile storage area 312 obtains etc.By obtaining link information, user's set (PD) 10d can obtain the information of the private key of user's set (PC) 10a.
In addition, when being linked at step S148 and sending, can be sent out as the link information of user's set (PC) 10a of the link destination of user's set (PD) 10d.Under user's set (PC) 10a and situation that user A is associated, the link information that user's set (PC) 10a and user A is associated with each other also sends to user's set (PD) 10d.Therefore, after user's set (PD) 10d obtained the information of private key of user's set (PC) 10a, it also can use the information of user's set (PC) 10a private key to obtain the information of the private key of user A.
Now, with reference to Figure 13 the key information that is included in the link is described.Figure 13 explanation is included in the key information in the link.
As shown in Figure 13, suppose node A, another Node B and three nodes of another node C are stored in the user profile storage area 312 of copyright management server 20a.As mentioned above, comprise identifying information, the nodal information of key information etc. is distributed to each user's set or each user.Private key, PKI and Public key etc. sends each to user and user's set.
Description is included in the information in the node.Node A 410 comprises PKI (Kpub[A]) 4101, and private key (Kpriv[A]) 4102 and Public key (Ks[A]) 4103.Be used for carrying out under the situation of encryption in the public key encryption method, encrypting uses public-key 4101 carries out and deciphers to use with the paired private key 4102 of PKI 4101 and carry out.On the other hand, under the situation of using the public-key encryption method, same key is used for encryption and decryption, and Public key 4103 is used for carrying out and encrypts and Public key 4103 is used for carrying out deciphering.
The public key encryption method is to be used for the secret method of key that encrypted secret key openly is used to decipher.For example, the PKI 4101 of node A is stored in the PKI file on the network and can be freely quoted by anyone.On the other hand, manage in confidence with the paired private key 4102 of PKI 4101 and make it not obtain by except that copyright management server 20a and user A anyone.
On the other hand, above-mentioned public-key encryption method is that transmit leg and recipient share and the method for secret Public key.For example, the Public key 4103 of node A must be managed in confidence, makes it not obtained by except that copyright management server 20a and user A anyone.
Similarly, Node B 412 comprises the PKI (Kpub[B]) 4121 of Node B, and private key (Kpriv[B]) 4122 and Public key (Ks[B]) 4123.Node C 414 comprises the PKI (Kpub[C]) 4141 of node C, and private key 4142 (Kpriv[C]) 4141 and Public key (Ks[C]) 4143.
As shown in Figure 13, for node A is associated with Node B, link 416 is issued.Link 416 comprises the node ID of node A, the information of relating heading between the node ID of Node B and node A and the Node B.As mentioned above, under node A and situation that Node B is associated, linked source is node A and to link the destination be Node B.In addition, link 416 comprises that PKI 4101 by using node A or Public key 4103 encrypt the key information that private key 4122 and Public key 4123 as the Node B private information obtain.
Obtain link 416 node A and can know node A self with which node is associated and obtains the private information that link destination related with it.Because be included in the private information of the Node B of link in 416 use public-key 4101 or Public key 4103 encrypt, do not use private key 4102 or the Public key 4103 of the node A that self manages in confidence by node A, it can not be decrypted.In other words, the key information that is included in the link 416 can not be deciphered, even anyone except that node A obtains it.
Similarly, link 418 comprises the node ID of Node B, the information of relating heading between the node ID of node C and Node B and the node C.The information that is included in the direction of link in 418 is the direction from Node B to node C, and linked source is a Node B and to link the destination be node C.In addition, link 418 comprises the information that the private information of PKI 4121 by using Node B or Public key 4123 encryption node C obtains.Node B can be from linking private key 4142 or the Public key 4143 that obtains node C 418.
For example, suppose that node C is an information of distributing to the user who buys content.The user who buys content sends to copyright management server 20a with node C.Reception uses PKI as the node C of client public key (Kpub[C]) to be used for encrypting the content key (KC) by the content of user's purchase as the copyright management server 20a of the node C of user node.The content key of encrypting with the PKI 4141 of node C 420 sends to user's set (PC) 10a that is had by the user.
If Node B is applied to user's set (PC) 10a that had by the user,, use the content of content key encryption can not be so in the last reproduction of user's set (PC) 10a if can not use the private key deciphering of Node B so with the content key of the public key encryption of node C.But, being issued to Node B if link 418, Node B can be obtained the private information of node C based on linking 418 information so.If the user's set that Node B is assigned to (PC) 10a can obtain the user's that node C is assigned to private information, user's set (PC) 10a can use the private key that is included in the user in the private information to come decrypted content keys 420 so, uses the content of content key 420 enabling decryption of encrypted then.
If node A is applied to user's set (PD) 10d that user's set (PC) 10a is connected to, user's set (PD) 10d can use the private information of encryption of the secret key decryption Node B of self so.In addition, user's set (PD) 10d can use the private key that is included in the Node B in the link 416 to decipher the private information that is included in the node C in the link 418.User's set (PD) 10d that node A is assigned to and that obtain node C private key can use the content key 420 of the PKI enabling decryption of encrypted of node C, uses the content of content key 420 enabling decryption of encrypted then.
In Figure 13, node A is associated with Node B, and Node B is associated with node C.But node A can directly be associated with node C in addition.In this case, the link information that is issued to node A comprises the node ID of the node A that is set to linked source and is set to link the node ID of the node C of destination.Link information also comprises the key information that the private information by the public key encryption node C that uses node A obtains.
In order to make the user who buys content reproduce content on the user's set that is had by the user, user's set obtains and is used for the information of user key of encrypted content key is essential.Each user's set based on the link information that is issued to user self obtain be used for encrypted content key user key and use the user key decrypted content keys.
So use user's public key encryption and send under the situation of the user's set that is had by the user being used for the content key of encrypted content, the content of encryption can be deciphered and reproduce to the user's set that is associated with the user.The content key that promptly is used in encrypted content does not use the unique secret key encryption of each user's set to being used to reproduce, based on link information obtain be used for encrypted content key key information and to use the key information decrypted content keys be possible.User's set can know user's set self with which user is associated.In other words, user's set can know from link information that user's set can obtain which user's private information.
Be included in the link key information as mentioned above.Now, with reference to Figure 14 the licence of being issued by copyright management server 20a is described.
<7. licence 〉
Figure 14 illustrates the distribution of licence by copyright management server 20a.Comprised by the licence of copyright management server 20a distribution being used to decipher the information etc. of being bought the content key of content by the user, it is essential for reproducing content.The content key that is included in the licence also uses encryptions such as user key, and the user's set etc. that obtains licence can know which user key content key uses encrypt in the various information from be included in licence.Can be if obtain the user's set etc. of licence based on decrypted content keys such as above-mentioned link informations, it can use content key to reproduce the content of encrypting so.
User's set (PC) 10a sends to copyright management server 20a so that obtain the reproduction necessary licence of content (step S160) with the content ID of unique identification content and the nodal information of user A.As mentioned above, if the user's set that is had by user A is associated with user A, the licence that is issued to user A so also can be used by the user's set that is associated with user A.
Use the public key encryption of user A to be used for the content key (step S162) of encrypted content at the copyright management server 20a of step S160 received content ID and user A nodal information.Then, copyright management server 20a produces the licence (step S164) of the content key that is included in step S162 encryption.
Be described in the licence that step S164 produces with reference to Figure 15.As shown in Figure 15, licence 440 comprises content key 441, control 444, protector 447, controller 450 etc.Content 430 is used the content key encryption that is included in the licence 440, and the content 432 of encrypting sends from content providing server 20b.
The content key 441 that is included in the licence 440 is to use the form that is included in the secret key encryption from the nodal information that user's set (PC) 10a sends.For example, if the nodal information of user A sends from user's set (PC) 10a, content key uses the public key encryption of user A so.Protector 447 comprises as the content ID of content identification information with as the content key ID of content key identifying information.Can discern which content from the information being included in protector 447 should reproduce by occupancy permit 440.
Control 444 comprises the control code 446 as the service condition of content etc.Control code 446 comprises the reproduction of content condition bought by the user etc., and uses content in the scope of the service condition that will describe in control code 446 of user.Control code 446 can comprise additionally that expression licence 440 is issued to the information of which node.
The user's set that obtains licence 440 decides licence 440 to be issued to which node with reference to control 444.If the result of decision indicates licence 440 to be issued to the user who is associated with user's set, user's set can reproduce content by occupancy permit so.
Controller 450 is the information that content key 441 and control 444 is associated with each other and comprises the identifying information of content key 441 and the identifying information of control 444.In addition, in order to determine the forgery of content key 441 and control 444, controller 450 can also comprise the hashed value 453 of content key 441 and the hashed value 454 of control 444.For example, when licence 440 when copyright management server 20a sends to user's set etc., if the content key 441 that is included in the licence 440 is forged, so the hashed value of determining from content key 441 be included in hashed value the controller 450 and become and differ from one another.Therefore, can determine whether content key 441 is forged.And the forgery of control 444 can be determined from hashed value 454, and when licence 440 sent, the rewriting of content service condition etc. can be found out.The description of licence is finished with this.
Return with reference to Figure 14, the licence that produces at step S164 is issued to user's set (PC) 10a (step S116) and sends to user's set (PC) 10a (step S168).
User's set (PC) 10a that receives licence at step S168 uses the key information decoding that is included in the link to use the content key of the user's who has user's set (PC) 10a user key encryption.Then, user's set (PC) 10a can use the content key deciphering of deciphering and reproduce the content of using content key encryption.
The distribution of licence is carried out in aforesaid mode.Now, describe with reference to Figure 16 and reproduce the functional configuration of user's set 10 that its copyright is subjected to the content of link system protection.In the following description, user's set 10 is called content playback unit 10.
<8. the functional configuration of content playback unit 〉
Content playback unit 10 comprises link information receiving unit 540, content information receiving unit 541, content choice part 542, content receiving unit 544, content information storage area 546 and link information storage area 548.Content playback unit 10 also comprises deciding section 550, key handling part 552, reproducing control section 554, content key decryption portion 556, content stores part 558, contents reproducing section 560 etc.
Link information receiving unit 540 receives link information from copyright management server 20a.As mentioned above, link information comprises a pair of identifying information clauses and subclauses, one expression linked source and another expression link destination.Identifying information is that copyright management server 20a uses its unique identification user's identifying information (user ID) or the identifying information (device id) that copyright management server 20a uses its unique identification content playback unit.Link information also comprises by using being encrypted by the user of the identifying information appointment that is set to linked source or the unique key of content playback unit by the user of the identifying information appointment that is set to the link destination or the information that the unique key (user key or Device keys) of content playback unit obtains.
The link information that 548 storages of link information storage area are received by link information receiving unit 540.Link information storage area 548 stores link information are with the incidence relation between the device id of setting up the content playback unit 10 (being called self device hereinafter) under the link information storage area 548 and the user ID of using the user who self installs.More particularly, link information storage area 548 produces its starting point and is self device and its point of arrival route for the user according to being stored in wherein link information, to realize the incidence relation between the user that self device and use self installed.Under the situation that route forms, content playback unit 10 can be followed the tracks of link information and to use the unique Device keys of self device be deciphered the user's who is associated with self device user key.
Content information receiving unit 541 is from copyright management server 20a received content information.Especially, content information receiving unit 541 by communication network from copyright management server 20a received content information.Content information comprises content ID, the metamessage of content, the content key of encryption, user ID and use restricted information.Content information receiving unit 541 stores the content information that receives in the content information storage area 546 into.
Content information storage area 546 content information stored.Content information storage area 546 is formed by RAM or HDD.
Content choice part 542 selects to be stored in the content information in the content information storage area 546.Especially, content choice part 542 comprises and is used for showing the display part display unit for example that is included in the content metadata in the content information that is stored in content information storage area 546, and by user's operation with the importation of selecting expectation clauses and subclauses metamessage for example mouse or keyboard.Content choice part 542 will offer reproducing control section 554 with the content ID by the consistent content of the metamessage of user's selection.
In addition, content choice part 542 is selected one the contents table that sends to the there from content sending apparatus, two or more contents.The contents table that sends from content sending apparatus be the purport of content for example content title can be from the information of identification wherein, and one, two or more content title are selected by user's input.
The reproduction of reproducing control section 554 limiting contents.Reproducing control section 554 is obtained the content ID that obtains from content choice part 542 from content information storage area 546 and is included in wherein content information.Then, whether reproducing control section 554 decides the reproduction of content of being selected by content choice part 542 to allow based on the use restricted information that is included in the content information that obtains.Especially, for example, whether reproducing control section 554 each reproduction of content number of times of storage and the reproduction that relatively is included in the use restricted information allow number of times and the reproduction number of times that is stored in wherein, can allow with the decision reproduction of content.Whether perhaps, reproducing control section 554 relatively is included in the reproduction of using in the restricted information and allows date and time and current date and time, can allow with the decision reproduction of content.
Deciding section 550 based on be included in the content information user ID with link information storage area 548 in the consistent user ID of self device, decide content key decryption portion 556 whether should carry out the deciphering of content key.Especially, deciding section 550 is obtained content information from reproducing control section 554.Then, deciding section 550 relatively be included in the content information that obtains user ID with link information storage area 548 in the consistent user ID of self device, if and two user ID correspond to each other, deciding section 550 allows the decryption processing of content keys by content key decryption portion 556 so.When decryption processing is carried out, deciding section 550 make key handling part 552 beginning its handle with continue content playback unit 10 with reprocessing.Two user ID meaning that corresponds to each other is that of user ID can draw from another user ID according to predetermined rule, and comprises the situation that two user ID are consistent each other.
The particular instance of the processing of being carried out by deciding section 550 is described with reference to Figure 19.At first, deciding section 550 checks whether the user ID that is included in the content information that obtains is stored in the link information storage area 548.If user ID is stored in the link information storage area 548, deciding section 550 checks that based on link information its starting point is whether the route of user ID produces for self device and its point of arrival in link information storage area 548 so.In brief, deciding section 550 search link the link information (for example linking A) (step S230) that information storage parts 548 are set to link the destination to search the user ID that is included in the content information.
If peer link information found (step S232), deciding section 550 decision is set to link the device id (step S234) whether the identifying information of the linked source of A is self device so.If the linked source of link A is the device id that self installs, its starting points of deciding section 550 decision are that the route of user ID produces for self device and its point of arrival so, and the permission content key is by the decryption processing (step S238) of content key decryption portion 556.
If the linked source at step S234 link A is not the device id that self installs, the identifying information of the linked source of deciding section 550 searching link A is set to link the other link information (for example, link B) (step S236) of destination so.If peer link information does not find, its starting points of deciding section 550 decision are that the route of user ID does not also have generation and do not allow the decryption processing (step S240) of content key by content key decryption portion 556 for self device and its point of arrival so.On the other hand, if peer link information finds at step S206, deciding section 550 decision is set to link the device id (step S234) whether the identifying information of the linked source of B is self device so.
If above-mentioned processing repeats to be stored in the link information storage area 548 up to the link information that the device id that self installs is set to linked source to follow the tracks of link information, deciding section 550 allows the decryption processing of content keys by content key decryption portion 556 so.
When deciding section 550 allows the decryption processing of content key, it from the link information of the above-mentioned processing appointment of the route of self installing user ID (for example will be used for producing, link A, link B and link C) and offer key handling part 552 from the content information that content information storage area 546 obtains.
Key handling part 552 is installed consistent user's user key based on the link information deciphering that is stored in the link information storage area 548 with self.Especially, key handling part 552 is obtained link information and is at first used the unique Device keys of self device deciphering to be included in its linked source from deciding section 550 and is the enciphered message (key) the link information (for example linking C) that self installs.Then, before key handling part 552 is used at once the key of deciphering decipher enciphered message (key) in the link information (for example linking B) that the identifying information that is included in the link destination that is set to link C is set to linked source.The processing that key handling part 552 repeats to describe just now is included in user ID with deciphering and is set to link enciphered message in the link information (for example linking A) of destination (just, using the user key of secret key encryption of the linked source of link A).After this, key handling part 552 offers content key decryption portion 556 with the user key of deciphering with from the content information that deciding section 550 is obtained.
Content key decryption portion 556 is obtained content information and user key from key handling part 552, and uses the user key that obtains to decipher the content key that comprises in the content information that obtains.Content key decryption portion 556 will be included in content ID in the content information and the content key of deciphering offers contents reproducing section 560.
Contents reproducing section 560 is obtained content ID and content key from content key decryption portion 556, and obtains the content by the content ID appointment of obtaining, and uses the content key decryption content and reproduces content.
Reproducing control section 554 from received content such as copyright management server 20a or another computer and with the content stores that receives to content stores part 558.
Now, describing which information simply with reference to Figure 17 is used to carry out various processing by the processing section relevant with content playback.
Information stores relevant with content playback in the content playback unit 10 is in content information storage area 546 and link information storage area 548.Content information storage area 546 one or more groups content informations of storage, each comprises user ID 562, at least one content metamessages 564, at least one content key 566 uses restricted information 568 and content ID (not showing).
Link information storage area 548 is stores link information as mentioned above.But, especially, at least one device id 570, user ID 572, relating heading 574, user key 576 and at least one Device keys 578 are stored as link information with the relation that is relative to each other.Should be noted that relating heading 574 indications are included in linked source and the link destination in every link information.
Deciding section 550 is used the user ID 562 that is stored in the content information storage area 546, and is stored in the device id 570 in the link information storage area 548, and user ID 572 and relating heading 574 are carried out above-mentioned decision and handled.
The decryption processing that key handling part 552 uses the user key 576 that is stored in the link information storage area 548 and Device keys 578 to carry out above-mentioned user key.
Reproducing control section 554 uses the use restricted information 568 that is stored in the content information storage area 546 to carry out the decision processing whether reproduction should be carried out.
Content key decryption portion 556 is used the content key 556 that is stored in the content information storage area 546 and is stored in the decryption processing of the user key 576 execution foregoing keys in the link information storage area 548.
The functional configuration of content playback unit 10 as mentioned above.Can provide in a computer to form content playback unit 10 though should be noted that above-mentioned all functions, function can be distributed to a plurality of computers that are used as single content playback unit 10 usually.The flow process of the content playback processing of being carried out by content playback unit 10 is described with reference to Figure 18 now.
<9. the flow process handled of content playback 〉
Content playback unit 10 is at first selected content (step S400) to be reproduced.More particularly, content playback unit 10 receives user's input and handles, and its content choice part 542 is specified the content ID that waits to reproduce content.
Then, content playback unit 10 obtains the use restricted information (step S402) that is included in the content information.More particularly, reproducing control section 554 is obtained and is associated with content information in step S400 appointment and comprises use restricted information from the content ID of content information storage area 546.
Then, whether content playback unit 10 decision reproduction of content should allow (step S404).More particularly, whether reproducing control section 554 should allow based on the use restricted information decision reproduction of content of obtaining at step S402.If the result of decision allows to reproduce, handle advancing to step S406 so.On the other hand, when reproducing when should not allow, content playback unit 10 end process and do not carry out reproduction of content.
At step S406, content playback unit 10 will be included in user ID in the content information and the point of arrival of route compares mutually.More particularly, deciding section 550 will be included in the user ID in the content information of step S402 appointment and the user ID that is associated with self device in the link information storage area 548 compares mutually.
Then, whether the deciphering of content playback unit 10 decision content keys should carry out (step S408).More particularly, if two user ID that compare mutually at step S406 are consistent each other, deciding section 550 allows the deciphering of content key so, and processing advances to step S410.On the other hand, if two user ID are inconsistent each other, deciding section 550 does not allow the deciphering of content key and end process and does not carry out reproduction of content so.
After this, content playback unit 10 decrypted user keys (step S410).More particularly, key handling part 552 uses the Device keys that self installs to decipher the user key that is stored in the coding in the link information storage area 548.Should be noted that when needed key handling part 552 uses the Device keys of the content playback unit 10 self the installing except that being stored in link information storage area 548 in to carry out the deciphering of user key.
Then, content playback unit 10 decrypted content keys (step S412).More particularly, content key decryption portion 556 is used at the user key of step S410 deciphering and is deciphered the content encoded key that is included in the content information.
Then, content playback unit 10 deciphering content (step S414) to be reproduced.More particularly, contents reproducing section 560 is used the content key deciphering content encoded in step S412 deciphering.
After this, content playback unit 10 reproduces content (step S416).More particularly, contents reproducing section 560 is reproduced in the content of step S414 deciphering.The flow process that the content playback of being carried out by content playback unit 10 is handled as mentioned above.
<10. the notion of key management 〉
The notion of key that user's set has bunch is described with reference to Figure 20 now.Each user's set has the necessary key of decrypted content keys bunch, and uses key bunch to decipher the content encoded key.
Figure 20 illustrates the notion of key management in the present embodiment.Each user's set adopts the notion as the tree structure of reference number 460 expressions in the present embodiment.Especially, tree structure 460 comprises the node key of distributing to each node, comprises the Kroot key 461 and the K0 key 462 that are positioned at the tree structure top, K1 key 463, and K10 key 464, K11 key 465 ...In addition, in lowermost level, be assigned with by user's set I and the unique user key that has of J, for example the KI key 468, another KJ key 469 ...Here, supposing that each node key uses in tree structure near the node key below it encrypts.For example, K1 key 463 uses K10 key 464 or K11 key 465 to encrypt.
On the other hand, open (or Sec) key 471 is corresponding to Kroot key 461.Especially, content key 472 uses Kroot key 461 to encrypt.Though content key uses the public key encryption of node C in Figure 13, more particularly, it uses Kroot key 461 to encrypt.
Here, in order user's set I to be obtained be used for the content key 472 of decryption content, comprise the KI key, E (KI key, the K100 key), E (K100 key, K10 key), E (K10 key, the K1 key), (open (or Sec) key, key CK) bunch is essential for E (K1 key, Kroot key) and E.Key bunch is included in the content main body.
So, the user's set that is had by the user can use key that it has bunch to obtain Kroot key 461 and decrypted content keys 472.As mentioned above, in the present embodiment, the content under copyright protection can be shared by the different device that the user has according to link system.
The copyright managing method that is adopted by information processing compartment system 500 as mentioned above.Now, handle a general configuration of compartment system 500 with reference to Figure 21 descriptor.
The overall arrangement of<11. information processing compartment systems 〉
As mentioned above, information processing compartment system 500 comprises management server 600, information processor 601 and 602, user's set (PD) 604 etc.Management server 600 and information processor 601 and 602 are connected in the limited range network in the family for example, and can send and receive information betwixt.
As by the private network that uses such as the individual in the family etc., wired lan (local area network (LAN)), radio LAN, W-PAN (Wireless Personal Network) etc. are available.For example, W-PAN allows radius to be approximately the radio system of interior high-speed transfer among a small circle of 10m.Can in the scope of W-PAN, can obtain the information of peripheral radio terminal each other by the device of radio communication mutually, make radio terminal be in them and can be connected in each other the state.
The radio circuit of Shi Yonging can the executive communication terminal can communicate with one another and not have the specific communication of the intervention of access point in the family.In this specific communication, communication terminal can directly and each other be carried out radio communication asynchronously under the management of CSMA agreement.In addition, in the UWB of IEEE 802.15.3 (ultra broadband) communication, Network Management is carried out by access point, and above-mentioned specific communication (or the communication of net formula) is realized by the data communications method of the packet configuration that uses preamble.Be called home network hereinafter as this network of describing just now that uses in the family.
Information processor 601 and 602 has the function of foregoing transcriber 10 in addition and they can be connected to self copyright management server 20a to obtain content information from copyright management server 20a, link information etc.In addition, information processor 601 and 602 is according to the deciphering of above-mentioned link system and the encrypted content that provides from content providing server 20b is provided.
In addition, though each of information processor 601 and 602 can form personal computer, the DVD register, audio devices etc., it is not limited to any one of said apparatus.Information processor 601 and 602 can be provided by the information processing relevant with the content that provides from content providing server 20b.The information processing relevant with content can comprise the deciphering of content, uses the checking of the necessary certificate of content, and the compression of music data.
It is to be compressed into processing by the data of for example above-mentioned ATRAC3 method of compaction coding method or the compression of MP3 method with for example being recorded in music data on the CD that the compression of music data is handled.For example be recorded in voice data on the CD and be numerical data according to the sound of records such as PCM (pulse code modulation) method.The PCM method is to convert tones into one of the method for numerical data and digitlization and recording voice after every Fixed Time Interval.Be recorded in voice data record on the CD for quantification 16 bit data of the sample frequency of 44.1kHz (digitlization in second 44,100 times) sampling (voice data with 0~65,535 65,536 grades of expressions).
By being recorded in the voice data on the CD according to compressions such as ATRAC3 method, MP3 methods, voice data can be compressed into data volume and be reduced to about 1/10th and sound quality is similar to optical disc data.Use this compression method to extract as mentioned above and be recorded in for example music CD of recording medium, digital content (music data on video DVD or the software cd-ROM, view data etc.), the content that digital content is converted to the file format that content can be handled by information processor is called the content stores of this form then and peels off in storage device or removable recording medium.
For example above-mentioned the peeling off of the information processing relevant with content comprises the many processing that the CPU of information processor 601 and 602 applied heavy load and many processing times of needs.In the present embodiment, for example, to peel off under the situation about carrying out by information processor 601, the compression processing that CPU is applied heavy load can use the different information processors that self install and be connected to home network to handle effectively with distributed relation.
For example, distribute to the processing of the information processor of handling the request destination and determine, carry out distributed treatment to consider whole home network than the resource information and the loading condiction that can respond other information processors that are connected to home network.Hereinafter, sending the information processor that processes request to another information processor is request source information processor 601, is request destination information processing unit 602 and ask the information processor of destination as processing.
Management server 600 is the identifying informations that are connected to the information processor of home network with the storage of the relation that is relative to each other, and as the processing type of processing capacity type, the computer of resource information etc.Management server 600 response sends the resource information of request destination information processing unit 602 etc. from the request of request source information processor 601.Management server 600 can have information processor 601 makes it also can carry out the information processing relevant with content with 602 function.
User's set (PD) the 604th, portable content transcriber and can be to comprise portable audio player with hard disk drive of tens GB memory capacity (HDD) for example etc.User's set (PD) 604 is connected to information processor 601 by USB cable etc., and information processor 601 is connected to home network again, makes it obtain content information by the computer of information processor 601.For example, the content of being peeled off by information processor 601 sends to user's set (PD) 604 and makes that content can be by user's set (PD) 604 reproductions.At this moment, if request source information processor 601 and user's set (PD) 604 is associated with each other by above-mentioned link system, their content and contents that can send safely and be received under the copyright protection can be reproduced on user's set (PD) 604 so.
The overall arrangement of information processing compartment system 500 as mentioned above.The functional configuration of management server 600 and request source information processor 601 is described with reference to Figure 22 now.
The functional configuration of<12. management servers and request source information processor 〉
The functional configuration of Figure 22 management server and request source information processor.Management server 600 comprises handles type receiving unit 630, and information processor is selected part 632, and device information sends part 634, device information storage area 638 etc.
Handle the type that type receiving unit 630 receives by request source information processor 601 processing of request from request source information processor 601.Handle type a kind of processing of the function executing that provides for information processor is provided, and can be decryption processing for example, encryption, compression be handled etc.Each of information processor comprises one, two or more processing capacities, and they may be different with those of other information processors.
The identifying information that concern stored information processing unit of device information storage area 638 to be relative to each other, resource information is handled type etc.For example, as shown in Figure 25, device information storage area 638 comprises identifying information 701, type of device 702, and IP address 703, CPU 704, and physical memory 705 is handled type 706 etc.Each information processor in the identifying information 701 indication home networks can use the information of its unique identification, and can be the identifying information that sets in advance and obtain and store, and perhaps can be provided with by management server 600.When information processor additionally was connected to network, the information of each information-storing device can store in the device information storage area 638.By the configuration of describing just now, even the user does not know that the information of distributed treatment information necessary processing unit can be stored and manage in device information storage area 638.
The information that CPU 704 indication expression CPU carry out.The information of the capacity value of the storage device that provides in each information processor is provided physical memory 705 dial gauges.CPU 704 and physical memory 705 are also referred to as the resource information of information processor.Handle the information that the function type that provides in each information processor is provided type 706 dial gauges.As shown in Figure 25, the processing type that comprises the information processor of carrying out decryption processing and encryption function can be set to 101, and comprising the execution decryption processing, the processing type of another information processor of encryption and compression processing capacity can be set to 103.
The device information that is stored in information processor in the device information storage area 638, that be connected to home network can send from each information processor.In addition, when information processor is connected to home network, the device information of the information processor of connection is not stored under the situation in the management server 600, and management server 600 can obtain and the device information of stored information processing unit.In addition, under the situation that the resource information of any information processor etc. changes, the device information that is stored in the device information storage area 638 can upgrade.
Return with reference to Figure 22, information processor selects part 632 bases to select information processor from the information processor of processing type from be stored in device information storage area 638 of handling 630 receptions of type receiving unit, and obtains the identifying information 701 of selected information processing unit.For example, if the processing type 706 that sends from request source information processor 601 is " 103 ", the processing type 706 of information processor selection part 632 deriving means information storage parts 638 is identifying informations 701 of the information processor of " 103 " so.In this case, handling type 706 about two information processors is " 103 ", and it has the identifying information of " 002 " and " 003 ".
Device information sends part 634 and will select the identifying information of the information processor that part 632 selects and the device information that is associated with identifying information to send to request source information processor 601 by information processor.For example, identifying information 701 at the information processor of being selected part 632 to select by information processor is under the situation of " 002 " and " 003 ", and device information sends CPU 704 and the physical memory 705 that part 634 sends the device information of those information processors.At this moment, device information sends the device information that part 634 can send other information processors except that request source information processor 601.
Request source information processor 601 comprises processing execution acceptance permission/refusal query portion 610, and information on load obtains part 612, and request destination determining section 614 and information send part 616.Request source information processor 601 comprises that also handling type sends part 618, device information receiving unit 620, link information storage area 622, key handling part 624, information encryption part 626 etc.
Handle type and send part 618 transmission processing types to management server 600.Type is to carry out the type of the processing necessary processing capacity relevant with content and is for example information of decryption processing or encryption of expression processing type.Device information receiving unit 620 receives as handling the request destination, have to depend on and handle type and the identifying information and the device information of the request destination information processing unit 602 of the function of appointment, and the identifying information that receives and device information are offered processing execution accepts permissions/refusal query portion 610 and ask destination determining section 614.
Processing execution accept permissions/refusal query portion 610 will about the execution of processing whether acceptable inquiry the request destination information processing unit 602 of the identifying information that provides from device information receiving unit 620 is provided.Then, processing execution acceptance permission/refusal query portion 610 will offer information on load to the Query Result of request destination information processing unit 602 and obtain part 612.Information on load obtains part 612 and obtains the current information on load of request destination information processing unit 602 that can accept processing execution, and information on load is offered request destination determining section 614.Here information on load is the CPU usage or the memory usage of request destination information processing unit 602.Information on load obtains the transmission line capacity that part 612 can also get access to request destination information processing unit 602, the definite transmission line information on load etc. and provide it to request destination determining section 614 by the execution of ping.
Request destination determining section 614 is obtained the information on load of the request destination information processing unit 602 that part 612 provides from information on load, determines to comprise the request destination of the processing of self device estimation transmission period of determining from the transmission line information on load etc.In addition, request destination determining section 614 can determine to handle the ratio that should carry out.
For example, packed record the processing of the voice data on the CD with situation about being performed under, determine compression should be distributed to request destination information processing unit 602 according to how many ratios that PCM method etc. is recorded in the processing of the music data on the CD.Have at CD under the situation of music data of record 10 first songs thereon, request destination determining section 614 can determine to make four first songs to be compressed by self device, and the request that the compression of execution residue six first songs is handled is issued to request destination information processing unit 602.
Link information storage area 622 and key handling part 624 have the function that is similar to link information processing section 548 and key handling part 552 respectively, and therefore, being repeated in this description of function here omitted to avoid redundant.
Information encryption part 626 is obtained the unique and user key that obtained by key handling part 624 to the user who has request source information processor 601, and uses the user key that obtains to encrypt the information relevant with content.For example, be to wait to ask under the situation of the object handled information encryption part 626 enciphered datas being recorded in data on the CD.In the data that are recorded on the CD is under the situation of music data, and when data were encrypted, they may be encrypted for every first song.For offering information, every first song ciphered data sends part 616.
Information sends part 616 and sends to request destination information processing unit 602 with the ratio division of being determined by request destination determining section 614 by information encryption part 626 ciphered data and with the data of dividing.For example, under the situation that music data is encrypted each song as mentioned above, information sends resource information and the information on load that part 616 can response request destination information processing unit 602 and sends the data of four first songs in the 10 first songs, and asks this request destination information processing unit 602 to carry out the compression processing of data.
Management server 600 and request source information processor 601 have this as mentioned above functional configuration.Now, with reference to Figure 23 functional configuration as the request destination information processing unit 602 of the request destination of handling is described.
The functional configuration of<13. request destination information processing unit 〉
Figure 23 shows the functional configuration of request destination information processing unit 602.Request destination information processing unit 602 comprises that accepting permission/refusal determination result sends part 640, and information on load sends part 642, and message pick-up part 644 and processing execution result send part 646.Request destination information processing unit 602 also comprises processing execution acceptance permission/refusal deciding section 648, information on load 710, decrypts information part 650, processing execution part 652, result encryption section 654, link information storage area 656, key handling part 658 etc.
When acceptable inquiry is when request source information processor 601 receives about the execution handled, processing execution is accepted permissions/refusal deciding section 648 reference load information 710 and is decided and self installs the processing of the source information processing unit 601 that whether can accept request.As shown in Figure 26, information on load 710 comprises the CPU usage 711 of request destination information processing unit 602, physical memory utilization rate 712, work acceptance 713 etc.Processing execution is accepted permissions/refusal deciding section 648 and is obtained the work that is included in the information on load 710 and accept 713 work and accept permission/refusal information, and will obtain the result and send to acceptance permission/refusal determination result transmission part 640.
Accept permissions/refusal determination result transmission part 640 and will send to request source information processor 601 by the processing execution acceptance permission/refusal determination result that processing execution is accepted permission/refusal deciding section 648 and provided.When it when request source information processor 601 receives inquiry about information on load, information on load sends part 642 and will be included in resource operating position in the information on load 710 for example CPU usage 711 and physical memory utilization rate 712 send to request source information processor 601.
Message pick-up part 644 receives from the information of object 601 transmissions of request source information processor, that the conduct request is handled, and the information that receives is offered decrypts information part 650.Information in the conduct request process object that provides from message pick-up part 644 is under the situation of encrypted form, and decrypts information part 650 is used information unique to the user who uses request source information processor 601 and that user key that receive from key handling part 658 comes the decryption processing object.
Link information storage area 656 and key handling part 658 have respectively the function substantially similar with above-mentioned link information storage area 548 and key handling part 552, and therefore, being repeated in this description of function here omitted to avoid redundant.After encrypting with the user's who uses request source information processor 601 user key, it sends as mentioned above, with as the relevant information of the content of process object.Use is connected to request source information processor 601 each other and asks the user of destination information processing unit 602 by home network is same individuals, and request source information processor 601 is associated with each other by above-mentioned link system with request destination information processing unit 602.Therefore, the user key that is stored in request source information processor 601 and the request destination information processing unit 602 is mutually the same, and information can be communicated by letter between information processor 601 and 602 safely, if for example user's Public key is used for carrying out encryption and decryption.
The information that processing execution part 652 is handled by 650 deciphering of decrypts information part.For example, if the request that music data is sent out and the music data compression is handled is issued, processing execution part 652 is carried out the compression processing of music data so.Result encryption section 654 uses the result of user key encryption operating part 652.
Processing execution result sends part 646 will be sent to request destination information processing unit 602 by the result that result encryption section 654 is encrypted.And here, user's Public key can be used for according to private key encryption method encryption and decryption result and send and receive information safely.
According to above-mentioned information processing compartment system 500, when execution provided heavy load and need the processing of plenty of time, processing can be considered to be connected to the resource information of a plurality of information processors each other and information on load and to be distributed effectively by home network.In addition, because it is associated with each other by link system to be connected to the information processor of home network, the information of request object can use the user key that is stored in each information processor to send safely and receive.In other words, distribution process realizes that the copyright of the content of request object is protected simultaneously.
Request destination information processing unit 602 has aforesaid functional configuration.Now, with reference to Figure 24 the location mode of carrying out the information relevant with content is described.
The distributed approach of<14. information relevant〉with content
At first, request source information processor 601 sends and handles type to management server 600 (step S500).The information processor (step S502) that management server 600 selections that the processing type sends to from request source information processor 601 at step S500 have the processing type of reception.In addition, management server 600 obtains the identifying information of information processor of the processing type with reception and the device information of the information processor that is associated with identifying information.
The identifying information and the device information of the information processor of selecting at step S502 send to request source information processor 601 (step S504).Step S504 obtain as the request source information processor 601 of the identifying information of the request destination information processing unit of handling the request destination and device information will about the execution handled whether acceptable inquiry be issued to request destination information processing unit 602 (step S506) based on identifying information.
Step S508 from request source information processor 601 receive about the execution handled whether the execution handled of request destination information processing unit 602 decisions of acceptable inquiry whether can accept (step S510).Whether acceptable determination result sends to request source information processor 601 (step S512) in the execution of carrying out at step S510, handle.
Step S512 from request destination information processing unit 602 receive the execution handled whether the request source information processor 601 of acceptable determination result will be issued to the request destination information processing unit 602 (step S514) that can accept processing execution about the inquiry of current information on load.Receive at step S516 that for example current C PU utilization rate or physical content utilization rate send to request source information processor 601 (step S518) with information on load about the request destination information processing unit 602 of the inquiry of information on load.
The request source information processor 601 that receives the information on load of request destination information processing unit 602 at step S518 considers to be connected to resource information and the information on load that home network comprises the information processor of self device, waits to determine that to the transmission line capacity of other information processors the request destination of handling and processing are than (step S520).The execution request of handling and with encrypted corresponding to the relevant information of the content of handling ratio and send to the request destination (step S522) of the processing of determining at step S520.
Carry out processing of request (step S524) at step S522 from the request destination information processing unit 602 that request source information processor 601 receives the execution request of handling.The result of the processing that step S524 carries out sends to request source information processor 601 (step S526).At step S526, the information relevant with contents processing is encrypted then by request destination information processing unit 602 and is sent.At step S526, request source information processor 601 can consider after it receives the execution result of handling that the real work response period reexamines the request of processing and compares.
Carry out the information relevant with content distribution process method as mentioned above.Now, with reference to Figure 27 the method that the information relevant with content of user key encryption is used in the deciphering of being carried out by request destination information processing unit 602 is described.
The decryption method of<15. information relevant〉with content
The method of the information relevant with content of user key encryption is used in the deciphering that Figure 27 explanation is carried out by request destination information processing unit 602.The information relevant with content of using user key to encrypt comprises user's identifying information.
At first, request destination information processing unit 602 checks whether the user ID that is included in the information of obtaining relevant with content is stored in the link information storage area 656.If user ID is stored in the link information storage area 656, ask destination information processing unit 602 to check that based on link information its starting point is whether the route of user ID produces for self device and its point of arrival in link information storage area 656 so.In other words, request destination information processing unit 602 search link information storage parts 656 are included in the link information (for example linking A) (step S530) that user ID in the content information is set to link the destination with searching.
If whether link information found (at step S532), the identifying information of asking destination information processing unit 602 to determine to be set to link the linked source of A so are the device ids (step S534) of self device.If the linked source of link A is the device id of self device, ask destination information processing unit 602 to determine that its starting points are installed for self so and its point of arrival is whether the route of user ID produces and allow the decryption processing (step S538) of content key by decrypts information part 650.
If the linked source at step S534 link A is not the device id that self installs, the identifying information of asking 602 search of destination information processing unit to link the link destination of A so is set to link the other link information (for example linking B) (step S536) of destination.If peer link information does not find, ask destination information processing unit 602 to determine that its starting points are that the route of user ID does not have generation and do not allow the decryption processing (step S540) of content key by decrypts information part 650 for self device and its point of arrival so.On the other hand, if peer link information finds at step S536, whether the identifying information of asking destination information processing unit 602 to determine to be set to link the linked source of B so is the device id (step S534) of self device.
Above-mentioned processing repeats following the tracks of link information, and if the device id of self device link information that is set to linked source be stored in the link information storage area 656, the decryption processing of content key allows so.The method of the information relevant with content key that deciphering use user key is encrypted as mentioned above.
Use is according to the information processing compartment system 500 of the present embodiment, under a plurality of information processors of handling the information relevant with a plurality of contents were connected to each other situation, the computational resource of information processor can effectively utilize and need not the heavy operation of force users execution.In addition, can send safely and receive being connected between the information processor of home network by the interior perhaps relevant information of copyright protection with content.In the present embodiment, and only can send and receive by the relevant information of the content of those information processors deciphering that are linked to the user that has information processor.In other words, even the information relevant with content sends to the information processor that is not linked to the user, information processor can not be deciphered the information relevant with content.Therefore, prevent that the information relevant with content from using outside the authorization limitations could of the use right that offers the user.Therefore, though the copyright of content is protected, distribution process can be carried out effectively.
Though the preferred embodiments of the invention are described with reference to appended drawings, naturally, the present invention is not limited to particular.Obviously, make various changes or modification in essence of the present invention that those skilled in the art can state and the scope in as claim, and naturally, this change and modification will drop in the technical scope of the present invention.
Though in the above-described embodiment, the device information that is connected to the information processor of home network is stored in the management server 600, the present invention is not limited to specific configuration.For example, information processor can each storage be connected to the device information of those information processors of self device.In addition, do not have at device information under the situation of storage, when processing execution, the device information that is connected to those information processors that self install can obtain.By the configuration of describing just now, be possible as will directly being issued to different information processors and management server 600 is not provided about the inquiry of the device information of different information processors as the information processor of request source in the PtoP system.
The present invention goes for the information processing compartment system that the information relevant with content is handled by a plurality of information processors with distributed way.

Claims (17)

1. information processing compartment system comprises:
Management server; And
Be connected to described management server, be used to handle a plurality of information processors of the information relevant by communication network with content;
Described management server comprises
The device information storage area, be used for storing with the relation that is relative to each other the identifying information and the device information of described information processor, device information comprises at least can be respectively by the processing type of described information processor execution and the resource information of described information processor;
Information processor is selected part, be used for selecting described information processor to be suitable for by the processing type of sending the request source information processor appointment of carrying out the information processing request relevant in the described information processor one, and obtain the identifying information of selected information processing unit from described device information storage area with content; And
Device information sends part, is used to send the identifying information of the selected information processing unit that is obtained by described information processor selection portion branch and the device information that is associated with identifying information;
This request source information processor comprises
Handle type and send part, be used to send the execution information processing necessary processing type relevant with content;
The device information receiving unit is used to receive the identifying information of the information processor of being selected by described management server and the device information that is associated with identifying information;
Information on load obtains part, is used for obtaining based on the identifying information of the selected information processing unit that is received by described device information receiving unit the information on load of selected information processing unit;
Request destination determining section is used for determining the request destination information processing unit that the request of execution processing in the described information processor is issued to based on resource information that is included in device information and information on load; And
Content information transmission part is used to send the request of execution processing to the relevant information of content of asking destination information processing unit and transmission with the object of ask processing;
This request destination information processing unit comprises
Information on load sends part, is used for the information on load of request destination information processing unit is sent to the request source information processor;
The processing execution part is used to carry out the information processing relevant with content by the request of request source information processor; And
Processing execution result sends part, and the execution result that is used for the processing that will be carried out by described contents processing operating part sends to the request source information processor.
2. one kind is connected to the information processor of management server and different information processors, the processing information relevant with content by communication network, comprising:
Handle type and send part, be used to send the execution information processing necessary processing type relevant with content;
The device information receiving unit is used to receive the identifying information of of being suitable for handling type, two or more described different information processors and is associated with identifying information and comprises the device information of the resource information of different at least information processors;
Information on load obtains part, is used for obtaining based on the identifying information of the different information processors that received by described device information receiving unit the information on load of different information processors;
Request destination determining section is used for determining the request destination information processing unit that the request of execution processing in the different information processors will be issued to based on resource information that is included in device information and information on load; And
Information transmission part is used to send the request of execution processing to the relevant information of content of asking destination information processing unit and transmission with the object of ask processing.
3. according to the information processor of claim 2, wherein said management server is stored the identifying information and the device information of described different information processors with the relation that is relative to each other, device information comprises can be respectively by the processing type of those execution at least that are associated with identifying information in the described different information processors and the resource information of different information processors, and described management server is selected to be suitable in the different information processors to divide of the processing type that sends and send the identifying information of selected information processing unit from described processing type sending part.
4. according to the information processor of claim 2, also comprise processing execution acceptance permission/refusal query portion, be used for whether acceptable inquiry is issued to the different information processors that are associated with the identifying information of the different information processors that received by described device information receiving unit with carrying out about the information processing relevant with content, described information on load acquisition unit branch obtains the information on load of the different information processors that can accept the information processing execution relevant with content.
5. according to the information processor of claim 2, wherein said request destination determining section is determined the execution ratio of processing, and based on being included in one that resource information and information on load in the device information determined to be issued to according to the processing request of carrying out ratio in the different information processors, and described information sends part and the request of processing execution is issued to determined different information processor and sends and the relevant information of content according to the object of the processing of carrying out ratio.
6. according to the information processor of claim 2, also comprise the information encryption part, be used to use the unique user key of the user who uses described information processor is encrypted the relevant information of content with the object of ask processing, the transmission of described information sending part branch is relevant with content and by described information encryption part information encrypted.
7. according to the information processor of claim 6, also comprise:
The link information storage area is used for storing the identifying information of described information processor and the user's who uses described information processor identifying information with the relation that is relative to each other;
Described link information storing section stores is to the user key of the unique encryption of the user who uses described information processor; And
The key handling part is used to use the user key to the unique Device keys enabling decryption of encrypted of described information processor;
Described information encryption partly uses the user unique and user key that partly deciphered by described key handling to encrypt the information relevant with content.
8. according to the information processor of claim 6, wherein said link information storing section stores at least one link information, and produce starting point according to the link information of storage and be the described information processor that uses identifying information identification and the point of arrival route for the user that uses identifying information identification, with the identifying information of realizing described information processor and use related between user's the identifying information of described information processor, link information comprises a pair of identifying information clauses and subclauses, one expression linked source and another expression link destination.
9. one kind is connected to the information processor of the different information processors that send the request of handling the information relevant with content by communication network, comprising:
Information on load sends part, is used for the information on load of described information processor is sent to described different information processor;
The processing execution part is used to carry out the information processing relevant with content by described different information processor requests; And
Processing execution result sends part, and the processing execution result who is used for being carried out by described contents processing operating part sends to described different information processor.
10. according to the information processor of claim 9, also comprise:
Processing execution is accepted permission/refusal deciding section, is used to determine whether the information processing execution relevant with content by described different information processor requests can be accepted; And
Accept permission/refusal determination result and send part, the acceptance permission/refusal determination result that is used for being accepted the decision of permission/refusal deciding section by described processing execution sends to described different information processor;
When the execution of being accepted permission/refusal deciding section decision information processing by described processing execution can be accepted, described information on load sending part divided the information on load that sends described information processor.
11. the information processor according to claim 9 also comprises:
The message pick-up part is used to receive by described different information processors and uses the relevant information of the content with process object that the unique user key of the user who uses described different information processors is encrypted; And
The decrypts information part is used to decipher the information relevant with encrypted content;
Described processing execution is partly carried out information processing relevant with content and that partly deciphered by described decrypts information.
12. information processor according to claim 9, also comprise processing execution encryption section as a result, be used to use the processing execution result who the unique user key of the user who uses described information processor is encrypted the processing of partly being carried out by described processing execution, described processing execution sending part is as a result divided the processing execution result who sends by the encryption section encryption as a result of described processing execution.
13. information processor according to claim 9, also comprise the link information storage area, the identifying information that is used to store the identifying information of described information processor and uses the user of described information processor, when the identifying information of the user in being stored in described link information storage area was associated with the user's who uses described different information processors identifying information, described contents decryption part is the deciphering enciphered message relevant with content successfully.
14. the information processor according to claim 13 also comprises:
The link information storage area is used for storing the identifying information of described information processor and the user's who uses described information processor identifying information with the relation that is relative to each other;
Described link information storing section stores is to the user key of the unique encryption of the user who uses described information processor; And
The key handling part is used to use the user key to the unique Device keys enabling decryption of encrypted of described information processor;
Described decrypts information partly uses the user key of partly being deciphered by described key handling to decipher the enciphered message relevant with content.
15. information processor according to claim 13, wherein said link information storing section stores at least one link information, and produce starting point according to the link information of storage and be the described information processor that uses identifying information identification and the point of arrival route for the user that uses identifying information identification, with the identifying information of realizing described information processor and use related between user's the identifying information of described information processor, link information comprises a pair of identifying information clauses and subclauses, one expression linked source and another expression link destination.
16. the information processing location mode of an information processor comprises step:
Send and carry out the information processing necessary processing type relevant with content;
Reception is suitable for handling one of type, the identifying information of two or more different information processors and is associated with identifying information and comprises the device information of the resource information of described at least different information processors;
Based on the identifying information of the described different information processors that receive by the device information receiving step, obtain the information on load of described different information processors;
Determine the request destination information processing unit that the request of execution processing in the described different information processor is issued to based on the resource information that is included in the device information with information on load; And
The request of sending the execution processing is to the relevant information of content of asking destination information processing unit and transmission with the object of ask processing.
17. the information processing location mode of an information processor comprises step:
The information on load of described information processor is sent to the different information processors that are connected to described information processor by communication network;
Execution is by the information processing relevant with content of described different information processor requests; And
The execution result of the processing that will be carried out by the contents processing execution in step sends to described different information processor.
CN2006100715796A 2005-03-30 2006-03-30 Information process distribution system, information processing apparatus and information process distribution method Expired - Fee Related CN1841997B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005100177 2005-03-30
JP2005-100177 2005-03-30
JP2005100177A JP4848660B2 (en) 2005-03-30 2005-03-30 Information processing distributed system, information processing apparatus, and information processing distributed method

Publications (2)

Publication Number Publication Date
CN1841997A true CN1841997A (en) 2006-10-04
CN1841997B CN1841997B (en) 2011-05-18

Family

ID=37030854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006100715796A Expired - Fee Related CN1841997B (en) 2005-03-30 2006-03-30 Information process distribution system, information processing apparatus and information process distribution method

Country Status (3)

Country Link
US (1) US20060235956A1 (en)
JP (1) JP4848660B2 (en)
CN (1) CN1841997B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013196306A (en) * 2012-03-19 2013-09-30 Fujitsu Ltd Message repeater system, message relay method and program
CN107810617A (en) * 2015-06-30 2018-03-16 维萨国际服务协会 Secret certification and supply

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4760101B2 (en) * 2005-04-07 2011-08-31 ソニー株式会社 Content providing system, content reproducing apparatus, program, and content reproducing method
JP4765377B2 (en) * 2005-04-07 2011-09-07 ソニー株式会社 Content providing server and mobile phone
JP4663525B2 (en) * 2006-01-06 2011-04-06 株式会社日立製作所 Information processing method, information processing apparatus, and program
KR100782847B1 (en) * 2006-02-15 2007-12-06 삼성전자주식회사 Method and apparatus for importing content which consists of a plural of contents parts
US8978154B2 (en) * 2006-02-15 2015-03-10 Samsung Electronics Co., Ltd. Method and apparatus for importing content having plurality of parts
US20080175190A1 (en) * 2007-01-08 2008-07-24 Freesystems Pte., Ltd. Multi-node media content distribution system
JP4391536B2 (en) * 2007-02-27 2009-12-24 富士通株式会社 Communication device control program, communication device
US8171306B2 (en) * 2008-11-05 2012-05-01 Microsoft Corporation Universal secure token for obfuscation and tamper resistance
JP2012033980A (en) * 2008-11-26 2012-02-16 Panasonic Corp Television broadcast receiver
JP2010176452A (en) * 2009-01-30 2010-08-12 Pioneer Electronic Corp Information processing distribution system, information processing apparatus, and information processing distribution method
JP2011008701A (en) * 2009-06-29 2011-01-13 Sony Corp Information processing server, information processing apparatus, and information processing method
US20130006869A1 (en) * 2011-06-30 2013-01-03 Rovi Corp. Method to identify consumer electronics products
JP2013206056A (en) * 2012-03-28 2013-10-07 Sony Corp Information processing apparatus, information processing system, and program
JP5921348B2 (en) * 2012-06-13 2016-05-24 三菱電機株式会社 Video display terminal
EP3038401B1 (en) * 2013-09-23 2018-02-14 Huawei Technologies Co., Ltd. Communication system, control device and network management server
CN104731656B (en) * 2013-12-23 2018-10-30 华为软件技术有限公司 A kind of resource allocation methods and device
JP6995825B2 (en) * 2019-12-27 2022-01-17 京セラ株式会社 Power management system and power management method

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5179550A (en) * 1991-03-07 1993-01-12 Loral Aerospace Corp. System and method for controlling a multi-point matrix switch
US7194092B1 (en) * 1998-10-26 2007-03-20 Microsoft Corporation Key-based secure storage
US6477200B1 (en) * 1998-11-09 2002-11-05 Broadcom Corporation Multi-pair gigabit ethernet transceiver
JP2001202259A (en) * 2000-01-24 2001-07-27 Oki Electric Ind Co Ltd Distribution system
US7228427B2 (en) * 2000-06-16 2007-06-05 Entriq Inc. Method and system to securely distribute content via a network
JP4296698B2 (en) * 2000-08-17 2009-07-15 ソニー株式会社 Information processing apparatus, information processing method, and recording medium
US7051330B1 (en) * 2000-11-21 2006-05-23 Microsoft Corporation Generic application server and method of operation therefor
JP2003022236A (en) * 2001-07-09 2003-01-24 Fujitsu Ltd Remote control of download of contents data from server to another server in mobile equipment
JP4224262B2 (en) * 2001-07-09 2009-02-12 パナソニック株式会社 Digital information protection system, recording medium device, transmission device, and playback device
JP3837368B2 (en) * 2001-08-08 2006-10-25 松下電器産業株式会社 Copyright protection system, recording device and decryption device
JP4248208B2 (en) * 2001-09-27 2009-04-02 パナソニック株式会社 Encryption device, decryption device, secret key generation device, copyright protection system, and encryption communication device
JP2003204321A (en) * 2001-10-26 2003-07-18 Matsushita Electric Ind Co Ltd Literary work protective system and key management system
JP2003152700A (en) * 2001-11-16 2003-05-23 Mitsubishi Electric Corp Information terminal device and contents decryption method
JP4186466B2 (en) * 2002-01-16 2008-11-26 ソニー株式会社 Content distribution system, content distribution method, information processing apparatus, and computer program
JP2003298565A (en) * 2002-03-29 2003-10-17 Matsushita Electric Ind Co Ltd Contents distribution system
CN1495634A (en) * 2002-06-27 2004-05-12 上海汉唐科技有限公司 Server clustering load balancing method and system
US7490136B2 (en) * 2002-12-17 2009-02-10 Ricoh Company, Ltd. Digital contents distributing system and distributing method
US7912954B1 (en) * 2003-06-27 2011-03-22 Oesterreicher Richard T System and method for digital media server load balancing
US7636917B2 (en) * 2003-06-30 2009-12-22 Microsoft Corporation Network load balancing with host status information
US7281045B2 (en) * 2004-08-26 2007-10-09 International Business Machines Corporation Provisioning manager for optimizing selection of available resources
KR101496424B1 (en) * 2004-10-08 2015-02-27 코닌클리케 필립스 엔.브이. User based content key encryption for a DRM system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013196306A (en) * 2012-03-19 2013-09-30 Fujitsu Ltd Message repeater system, message relay method and program
CN107810617A (en) * 2015-06-30 2018-03-16 维萨国际服务协会 Secret certification and supply
US10826712B2 (en) 2015-06-30 2020-11-03 Visa International Service Association Confidential authentication and provisioning
CN107810617B (en) * 2015-06-30 2021-08-31 维萨国际服务协会 Secret authentication and provisioning
US11323276B2 (en) 2015-06-30 2022-05-03 Visa International Service Association Mutual authentication of confidential communication
US11757662B2 (en) 2015-06-30 2023-09-12 Visa International Service Association Confidential authentication and provisioning

Also Published As

Publication number Publication date
US20060235956A1 (en) 2006-10-19
CN1841997B (en) 2011-05-18
JP4848660B2 (en) 2011-12-28
JP2006277695A (en) 2006-10-12

Similar Documents

Publication Publication Date Title
CN1841997A (en) Information process distribution system, information processing apparatus and information process distribution method
CN100346254C (en) Content sharing system, content reproduction apparatus, content recording apparatusand server managing apparatus groups
CN1277364C (en) Memory card and data distribution system using it
CN1217509C (en) Content data storage
CN1310462C (en) Data protection system that protects data by encrypting the data
CN1855112A (en) Content information providing system, content information providing server, content reproduction apparatus, content information providing method, content reproduction method and computer program
CN1160955C (en) Data transmitter, data transmitting method, data receiver, information processor, and information recording medium
CN1150544C (en) Output device method, recording device method, reproducing device method and recording medium
CN1293719C (en) Encryption decoding method. record reproduction device and record medium
CN1189827C (en) Information processing device and method, and program storage medium
CN1396568A (en) Digital works protection system, recording medium device, transmission device and playback device
CN1735939A (en) Content distribution system, recording device and method, reproduction device and method, and program
CN1324487C (en) Data storing device
CN1767036A (en) Information management method, information reproduction apparatus, and information management apparatus
CN1522395A (en) Content usage device and network system, and license information acquisition method
CN1235131C (en) Device for data reproduction
CN1617152A (en) Content sharing system, content processing apparatus, information processing apparatus and content sharing method
CN1914850A (en) Information processing device and method
CN1571959A (en) Information processing device, information processing method, and computer program
CN1596533A (en) Content using system
CN1479921A (en) Computer program copy management system
CN1682174A (en) Group formation/management system, group management device, and member device
CN1838296A (en) Information processing device and method and computer program
CN1722667A (en) Server/client system, information processing unit, information processing method, and computer program
CN101053200A (en) Information processing device, information recording medium, contents management system, data processing method, and computer program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110518

Termination date: 20130330